Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Hijack this log

Post by IT_Guy » August 29th, 2005, 3:59 pm

I've gotten this far, what is left?



Logfile of HijackThis v1.99.1
Scan saved at 10:53:51 AM, on 8/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system32\mdms.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6004265139
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by Nellie2 » August 29th, 2005, 4:36 pm

Hello IT Guy

Have you already fixed stuff yourself with hijackthis? There are some legitimate items missing from your log that I would expect to see.

If you have, then please restore the backups. I need to see what is going on with that system to be able to fix it effectively.

Run hijackthis, click on the Misc Tools button then click on the backups button, highlight all the backups then click restore. Close hijackthis.

Then please go to Windows Update and download and install Service Pack 1a (click here). Do not install Service Pack 2 yet, but your system is very vulnerable without SP1a.

Then download and install one of these free firewalls

Zone Alarm

Kerio

Sygate

You have evidence of a rootkit trojan on your machine. It is a password stealer, so I suggest you change all passwords stored on your machine.

Please post a fresh hijack log once you have completed the above and after a reboot.
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by IT_Guy » August 29th, 2005, 5:53 pm

I started by running Ewido and deleted something like 1800 files; here is the log for it. I have not removed anything with HijackThis, so there were no files to restore. Hope this helps.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:29:08 PM, 8/27/2005
+ Report-Checksum: F1C6428C

+ Scan result:

HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_6148 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_6154 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_6190 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_7121 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with backup
[200] C:\WINDOWS\system32\tcpG4T.dll -> TrojanSpy.Goldun.bf : Cleaned with backup
[600] C:\WINDOWS\system32\sdnscfg.dll -> Spyware.Look2Me : Error during cleaning
[676] C:\WINDOWS\System32\drct16.dll -> Backdoor.Haxdoor.cn : Error during cleaning
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\cckr.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\owner@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\dnxSUMqU.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\QVUpJ4.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\temp.frCA65 -> TrojanDownloader.VB.em : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\upd15.tmp/ME.dll -> Spyware.MediaPops : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\x.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~378859.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~425015.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~46533.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~479476.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~504631.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~513800.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~562389.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~589760.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~596522.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~612432.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~616179.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~637465.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~645404.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~646179.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~667271.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~676892.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~684733.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~686005.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~707666.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~725410.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~729598.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~737718.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~74361.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~749064.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~762504.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~779554.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~782190.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~797063.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~829760.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~870726.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~871940.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~883786.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~885353.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~895553.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~899349.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~947517.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~947692.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~953155.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temp\~972645.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\5GSBXDOP\exploit[2].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\5GSBXDOP\tb_setup3[2].cab/tb_setup.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\839NQURP\ffxx[1].cab/ffxx.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\O5U3WTE3\hilfag[1].cab/hilfag.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\O5U3WTE3\qtgjey[1].cab/qtgjey.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\O5U3WTE3\Quds[1].cab/Quds.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\O5U3WTE3\updates[1].php -> Spyware.Beginto.a : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\T7ZFPT8E\tb_setup[1].cab/tb_setup.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Program Files\180searchassistant\sachook.dll -> Spyware.180Solutions : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Program Files\Cas\Client\casclient.exe -> Spyware.CASClient : Cleaned with backup
C:\Program Files\CasStub\casstub.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18418591.asw -> Spyware.TwainTech : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18477961.asw -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\18482961.asw -> TrojanDownloader.Apropo.l : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21301871.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21314842.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21315932.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21323123.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21324063.asw -> Spyware.TwainTech : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21324373.asw -> Spyware.TwainTech : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21342964.asw -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21344214.asw -> Spyware.AproposMedia : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21412037.asw -> TrojanDownloader.WebP2PInstaller : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21477651.asw -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21478121.asw -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21478591.asw -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21481251.asw -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21481561.asw -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21512032.asw -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21515462.asw -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21516402.asw -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21517502.asw -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21552182.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21574842.asw -> TrojanDownloader.Apropo.l : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21605002.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21608282.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21610312.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21613752.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21614532.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21624532.asw -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21626092.asw -> Spyware.ClearSearch : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21645933.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21648283.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21650313.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware Protection\Backup\21653753.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\umzo\umzoa.exe -> TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\umzo\umzol.exe -> TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\umzo\umzop.exe -> Spyware.Xupiter : Cleaned with backup
C:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet : Cleaned with backup
C:\Program Files\morpheus\fsg_3210a.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet6_38.dll -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GIocl.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GIoclClient.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GObjs.dll -> Adware.Gator : Cleaned with backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\found.wav -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\IESecurity.dll -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\notfound.wav -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\ProcMon.dll -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\removed.wav -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.dvm -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff_1.dat -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff_2.dat -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff : Cleaned with backup
C:\Program Files\WeirdOnTheWeb\weirdontheweb.exe -> Spyware.WeirWeb : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe -> Spyware.Pacer : Cleaned with backup
C:\temp\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\dhjfpacg.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\ffxx.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\hilfag.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\kl.exe -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\loadnew.exe -> TrojanDownloader.Tibs.h : Cleaned with backup
C:\WINDOWS\ms1.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\ms2.exe -> TrojanDropper.Microjoin : Cleaned with backup
C:\WINDOWS\ms3.exe -> Trojan.Qhost.n : Cleaned with backup
C:\WINDOWS\ms4.exe -> Trojan.Qhost.n : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\protector.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\pss\cckr.exeCommon Startup -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\qtgjey.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\Quds.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\sdahbov.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\sys1039.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1045.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1056.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1558.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1611.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1646.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys167.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys171.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1714.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2211.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2216.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys223.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2431.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys250.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2529.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys253.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2532.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2535.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys257.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3013.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3023.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys309.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys312.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys313.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3258.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys36.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3922.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys395.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3958.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys399.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4013.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4016.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4529.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4533.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4537.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4627.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4628.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4630.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4815.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4818.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4821.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4915.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4917.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4919.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5110.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5118.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5120.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5714.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5722.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys578.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys715.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys718.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys77.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\SYSTEM\gohdeujwwp.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\SYSTEM32\a3d75223.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\SYSTEM32\aclui434.exe -> Spyware.AdSrve : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_500300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_500300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_503300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_503300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_517400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_517400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_519600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_519600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_521100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_521100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_523600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_523600.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_529100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_529100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_531800.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_531800.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_532400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_532400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_537300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_537300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_541900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_541900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_549200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_552200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_552200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_553100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_553100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_556900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_556900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_559500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_559500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_561500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_561500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_563400.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_564700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_564700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_568400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_568400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_577000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_577000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_584700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_584700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585000.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585100.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585100.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_586100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588900.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_589700.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_589700.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_590100.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_595700.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_599300.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_604400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_604400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_605500.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_605500.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_606300.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_606300.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_610900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_610900.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_611400.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_611400.swf -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_618300.htm -> Adware.Cydoor : Cleaned with backup
IT_Guy

Realized the log was incomplete...........

Unread postby IT_Guy » August 29th, 2005, 8:19 pm

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:29:08 PM, 8/27/2005
+ Report-Checksum: F1C6428C

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_6190 -> Spyware.Cydoor :

Cleaned with backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Loct_4\Level_3\Seqn_7121 -> Spyware.Cydoor :

Cleaned with backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Loct_4\Level_4 -> Spyware.Cydoor : Cleaned with

backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with

backup


HKU\S-1-5-21-400550780-2796713857-643571872-1003\Software\Kazaa\Promoti

ons\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with

backup
[200] C:\WINDOWS\system32\tcpG4T.dll -> TrojanSpy.Goldun.bf :

Cleaned with backup
[600] C:\WINDOWS\system32\sdnscfg.dll -> Spyware.Look2Me :

Error during cleaning
[676] C:\WINDOWS\System32\drct16.dll -> Backdoor.Haxdoor.cn :

Error during cleaning
C:\Documents and Settings\All Users\Start

Menu\Programs\Startup\cckr.exe -> TrojanDownloader.Qoologic.n : Cleaned

with backup
C:\Documents and Settings\Default

User\Cookies\owner@adopt.specificclick[1].txt ->

Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default

User\Cookies\owner@ads18.bpath[2].txt -> Spyware.Cookie.Bpath : Cleaned

with backup
C:\Documents and Settings\Default

User\Cookies\owner@images.trafficmp[1].txt -> Spyware.Cookie.Trafficmp

: Cleaned with backup
C:\Documents and Settings\Default

User\Cookies\owner@www.myaffiliateprogram[1].txt ->

Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Application

Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll ->

Spyware.WildTangent : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\asmfiles.cab/asm.exe -> Spyware.Altnet : Cleaned with

backup
C:\Documents and Settings\Default User\Local

Settings\Temp\dnxSUMqU.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\QVUpJ4.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\TBPS.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\temp.frCA65 -> TrojanDownloader.VB.em : Cleaned with

backup
C:\Documents and Settings\Default User\Local

Settings\Temp\upd15.tmp/ME.dll -> Spyware.MediaPops : Cleaned with

backup
C:\Documents and Settings\Default User\Local

Settings\Temp\x.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~378859.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~425015.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~46533.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~479476.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~504631.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~513800.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~562389.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~589760.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~596522.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~612432.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~616179.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~637465.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~645404.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~646179.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~667271.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~676892.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~684733.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~686005.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~707666.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~725410.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~729598.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~737718.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~74361.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~749064.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~762504.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~779554.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~782190.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~797063.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~829760.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~870726.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~871940.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~883786.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~885353.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~895553.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~899349.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~947517.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~947692.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~953155.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local

Settings\Temp\~972645.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\5GSBXDOP\exploit[2].htm ->

Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\5GSBXDOP\tb_setup3[2].cab/tb_setup.exe ->

Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\839NQURP\ffxx[1].cab/ffxx.exe ->

Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\O5U3WTE3\hilfag[1].cab/hilfag.exe ->

Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\O5U3WTE3\qtgjey[1].cab/qtgjey.exe ->

Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\O5U3WTE3\Quds[1].cab/Quds.exe ->

Backdoor.Agent.bg : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\O5U3WTE3\updates[1].php -> Spyware.Beginto.a

: Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary

Internet Files\Content.IE5\T7ZFPT8E\tb_setup[1].cab/tb_setup.exe ->

Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application

Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll ->

Spyware.WildTangent : Cleaned with backup
C:\Program Files\180searchassistant\sachook.dll ->

Spyware.180Solutions : Cleaned with backup
C:\Program Files\apsi\wtta.exe -> TrojanDownloader.PurityScan.y

: Cleaned with backup
C:\Program Files\Cas\Client\casclient.exe -> Spyware.CASClient

: Cleaned with backup
C:\Program Files\CasStub\casstub.exe ->

TrojanDownloader.Agent.qg : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\18418591.asw -> Spyware.TwainTech : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\18477961.asw -> Spyware.NewDotNet : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\18482961.asw -> TrojanDownloader.Apropo.l : Cleaned

with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21301871.asw -> Spyware.BargainBuddy : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21314842.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21315932.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21323123.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21324063.asw -> Spyware.TwainTech : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21324373.asw -> Spyware.TwainTech : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21342964.asw -> Spyware.BargainBuddy : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21344214.asw -> Spyware.AproposMedia : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21412037.asw -> TrojanDownloader.WebP2PInstaller :

Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21477651.asw -> Spyware.BookedSpace : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21478121.asw -> Spyware.BookedSpace : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21478591.asw -> Spyware.BookedSpace : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21481251.asw -> Spyware.BookedSpace : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21481561.asw -> Spyware.BookedSpace : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21512032.asw -> Spyware.IBIS : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21515462.asw -> Spyware.NewDotNet : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21516402.asw -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21517502.asw -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21552182.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21574842.asw -> TrojanDownloader.Apropo.l : Cleaned

with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21605002.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21608282.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21610312.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21613752.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21614532.asw -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21624532.asw -> Spyware.ClearSearch : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21626092.asw -> Spyware.ClearSearch : Cleaned with

backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21645933.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21648283.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21650313.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\AOL\AOL Spyware

Protection\Backup\21653753.asw -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Common Files\umzo\umzoa.exe ->

TrojanDownloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\umzo\umzol.exe ->

TrojanDownloader.TSUpdate.j : Cleaned with backup
C:\Program Files\Common Files\umzo\umzop.exe -> Spyware.Xupiter

: Cleaned with backup
C:\Program Files\Kazaa\TopSearch.dll -> Spyware.Altnet :

Cleaned with backup
C:\Program Files\morpheus\fsg_3210a.exe -> Adware.Gator :

Cleaned with backup
C:\Program Files\NewDotNet\newdotnet6_38.dll ->

Spyware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_22.exe ->

Spyware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\uninstall6_38.exe ->

Spyware.NewDotNet : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GIocl.dll ->

Adware.Gator : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GIoclClient.dll ->

Adware.Gator : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\GObjs.dll ->

Adware.Gator : Cleaned with backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned

with backup
C:\Program Files\SpySheriff\found.wav -> Spyware.SpySheriff :

Cleaned with backup
C:\Program Files\SpySheriff\IESecurity.dll ->

Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\notfound.wav -> Spyware.SpySheriff

: Cleaned with backup
C:\Program Files\SpySheriff\ProcMon.dll -> Spyware.SpySheriff :

Cleaned with backup
C:\Program Files\SpySheriff\removed.wav -> Spyware.SpySheriff :

Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.dvm ->

Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff.exe ->

Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff_1.dat ->

Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\SpySheriff_2.dat ->

Spyware.SpySheriff : Cleaned with backup
C:\Program Files\SpySheriff\Uninstall.exe -> Spyware.SpySheriff

: Cleaned with backup
C:\Program Files\WeirdOnTheWeb\weirdontheweb.exe ->

Spyware.WeirWeb : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe ->

Spyware.Pacer : Cleaned with backup
C:\temp\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\AuroraHandler.dll -> Adware.BetterInternet : Cleaned

with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned

with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned

with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with

backup
C:\WINDOWS\dhjfpacg.exe -> Spyware.BookedSpace : Cleaned with

backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\website.ocx ->

TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx ->

TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll ->

Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\etb\nt_hide62.dll -> Spyware.EliteBar : Cleaned with

backup
C:\WINDOWS\etb\pokapoka62.exe -> Spyware.EliteBar : Cleaned

with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with

backup
C:\WINDOWS\ffxx.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\hilfag.exe -> Backdoor.Agent.bg : Cleaned with

backup
C:\WINDOWS\kl.exe -> Backdoor.Haxdoor.cn : Cleaned with backup
C:\WINDOWS\loadnew.exe -> TrojanDownloader.Tibs.h : Cleaned

with backup
C:\WINDOWS\ms1.exe -> TrojanDownloader.Agent.ho : Cleaned with

backup
C:\WINDOWS\ms2.exe -> TrojanDropper.Microjoin : Cleaned with

backup
C:\WINDOWS\ms3.exe -> Trojan.Qhost.n : Cleaned with backup
C:\WINDOWS\ms4.exe -> Trojan.Qhost.n : Cleaned with backup
C:\WINDOWS\Nail.exe -> Adware.BetterInternet : Cleaned with

backup
C:\WINDOWS\NDNuninstall4_50.exe -> Spyware.NewDotNet : Cleaned

with backup
C:\WINDOWS\NDNuninstall6_22.exe -> Spyware.NewDotNet : Cleaned

with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned

with backup
C:\WINDOWS\protector.exe -> Spyware.Hijacker.Generic : Cleaned

with backup
C:\WINDOWS\pss\cckr.exeCommon Startup ->

TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\qtgjey.exe -> Backdoor.Agent.bg : Cleaned with

backup
C:\WINDOWS\Quds.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\WINDOWS\ru.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\sdahbov.exe -> Adware.BetterInternet : Cleaned with

backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with

backup
C:\WINDOWS\sys1039.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1045.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1056.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1558.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1611.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1646.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys167.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys171.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1714.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2211.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2216.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys223.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2431.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys250.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2529.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys253.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2532.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys2535.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys257.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3013.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3023.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys309.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys312.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys313.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3258.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys36.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3922.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys395.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys3958.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys399.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4013.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4016.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4529.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4533.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4537.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4627.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4628.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4630.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4815.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4818.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4821.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4915.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4917.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4919.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5110.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5118.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5120.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5714.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys5722.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys578.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys715.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys718.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys77.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\SYSTEM\gohdeujwwp.exe -> TrojanDownloader.Small.ayh

: Cleaned with backup
C:\WINDOWS\SYSTEM32\a3d75223.exe -> Spyware.AdSrve : Cleaned

with backup
C:\WINDOWS\SYSTEM32\aclui434.exe -> Spyware.AdSrve : Cleaned

with backup
C:\WINDOWS\SYSTEM32\AdCache -> Adware.Cydoor : Cleaned with

backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_500300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_500300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_503300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_503300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_517400.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_517400.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_519600.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_519600.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_521100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_521100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_523600.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_523600.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526900.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_526900.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_529100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_529100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_531800.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_531800.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_532400.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_532400.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_537300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_537300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_541900.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_541900.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_549200.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_552200.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_552200.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_553100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_553100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_556900.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_556900.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_557500.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_559500.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_559500.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_561500.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_561500.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_563400.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_564700.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_564700.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_568400.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_568400.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_577000.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_577000.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_584700.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_584700.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585000.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585000.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_585100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_586100.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588700.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588700.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_588900.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_589700.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_589700.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_590100.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_595700.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_599300.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_600200.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_604400.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_604400.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_605500.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_605500.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_606300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_606300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_610900.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_610900.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_611400.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_611400.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_618300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_618300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_621600.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_621600.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_622300.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_623500.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_624900.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_624900.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_625100.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_625100.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_626000.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_626000.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_630000.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_630000.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_630600.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_630600.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_636500.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_636500.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_636700.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_636700.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_640300.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_640300.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_651200.htm ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_651200.swf ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_653800.gif ->

Adware.Cydoor : Cleaned with backup
C:\WINDOWS\SYSTEM32\AdCache\B_329_0_1_658600.htm ->

Adware.Cydoor : Cleaned with backup
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by Nellie2 » August 30th, 2005, 2:22 am

wow!! :shock:

Thanks for the Ewido log. Can you install the firewall, update to SP1a and post the fresh hijack log as I asked in my first post, please?
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by IT_Guy » August 30th, 2005, 1:56 pm

OK, it took some doing, but I got SP1 on there and downloaded ZoneAlarm.

Here is the log.

Logfile of HijackThis v1.99.1
Scan saved at 10:55:26 AM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\windows\system32\mdms.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6004265139
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by Nellie2 » August 30th, 2005, 5:18 pm

Bring up Task Manager by pressing Ctrl-Alt-Del and end this process:

mdms.exe

Reconfigure Windows XP to show hidden files:
Double-click the My Computer icon on the Windows desktop.
Select the Tools menu and click Folder Options. Select the View Tab.

Under the Hidden files and folders heading select "Show hidden files and folders".
Uncheck the "Hide protected operating system files (recommended)" option.
Uncheck the "Hide file extensions for known file types" option.
Click Yes to confirm. Click OK.

Run HijackThis and click the scan button. When it has finished scanning, put a tick against the following, close all other browsers and windows, and click 'fix checked':

O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} - C:\Program Files\Cas\Client\casmf.dll
O20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: tcpG4T - tcpG4T.dll (file missing)

Then boot into safe mode and find and delete the following:

c:\windows\system32\mdms.exe
C:\Program Files\Cas

Please also search for msudp4.sys; if you find it, delete it.

Still in safe mode, can you scan with Ewido and post the log it creates with your reply?

Then boot into normal mode and download this registry search tool; it is about halfway down the list. Click here

Please use it to search for msudp4, and post the log that the tool makes in your reply.

I will also need to see a fresh hijack log and also a startup log too, please.

To generate the startup log:

Run HijackThis again and click on the Misc Tools button, then next to Generate Startup List, check List also minor sections (full) and List empty sections (complete).

Then press Generate StartupList log, and post the log in your next reply.

That little lot should keep you busy for a bit!! :D
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by IT_Guy » August 30th, 2005, 6:45 pm

OK here we go.......


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:42:30 PM, 8/30/2005
+ Report-Checksum: 3A309E3B

+ Scan result:

C:\RECYCLER\S-1-5-21-400550780-2796713857-643571872-1003\Dc5.sys -> TrojanSpy.Goldun.bf : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/divenum.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/ifrtrmgr.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/mifutil.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/mmjtes40.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/sdnscfg.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/skgtab.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/__delete_on_reboot__mbtask.dll -> Spyware.Look2Me : Cleaned with backup
C:\temp\ll2mfix\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Cleaned with backup


::Report End



REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "msudp4" 8/30/2005 2:53:39 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000]
"Service"="msudp4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_MSUDP4\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4\Enum]
"0"="Root\\LEGACY_MSUDP4\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUDP4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUDP4\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUDP4\0000]
"Service"="msudp4"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_MSUDP4\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msudp4]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msudp4\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000]
"Service"="msudp4"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MSUDP4\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4\Enum]
"0"="Root\\LEGACY_MSUDP4\\0000"

[HKEY_USERS\S-1-5-21-400550780-2796713857-643571872-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"000"="msudp4.sys"



StartupList report, 8/30/2005, 3:44:31 PM
StartupList version: 1.52.2
Started from : C:\temp\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\temp\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Owner\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\mplayer2.inf,PerUserStub.NT

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.Install.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{8b15971b-5355-4c82-8c07-7e181ea07608}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\SYSTEM32\ssmarque.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

*No BHO's found*

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton SystemWorks One Button Checkup.job
RUTASK.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.microsoft.com/download/ ... mv9VCM.CAB

[AOL Content Update]
InProcServer32 = C:\Program Files\Common Files\AolCoach\en_en\GTDownAO_106.ocx
CODEBASE = http://esupport.aol.com/help/acp2/engin ... core_1.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://v5.windowsupdate.microsoft.com/v ... 6004265139

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AMD AGP Bus Filter Driver: System32\DRIVERS\amdagp.sys (system)
AOL Connectivity Service: C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe (autostart)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
CSS DVP: System32\DRIVERS\css-dvp.sys (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
DvpApi: C:\Program Files\Common Files\Command Software\dvpapi.exe (autostart)
Intel(R) PRO Adapter Driver: System32\DRIVERS\e100b325.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido security suite control: C:\Program Files\ewido\security suite\ewidoctrl.exe (autostart)
ewido security suite driver: \??\C:\Program Files\ewido\security suite\guard.sys (system)
ewido security suite guard: C:\Program Files\ewido\security suite\ewidoguard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Fax: %systemroot%\system32\fxssvc.exe (autostart)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FREEDOM Miniport: System32\DRIVERS\FREEDOM.SYS (manual start)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
IntelIde: System32\DRIVERS\intelide.sys (system)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
LT Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
McAfee.com McShield: C:\Program Files\mcafee.com\VSO\mcshield.exe (manual start)
McAfee.com VirusScan Online Realtime Engine: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe /Embedding (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\System32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
UDPservice: \??\C:\WINDOWS\System32\msudp4.sys (system)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NaiFiltr: System32\DRIVERS\NaiFiltr.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
NVIDIA Driver Helper Service: %SystemRoot%\System32\nvsvc32.exe (autostart)
NVIDIA nForce AGP Bus Filter: System32\DRIVERS\nv_agp.sys (system)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
PS2: System32\DRIVERS\PS2.sys (manual start)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (manual start)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS315: System32\DRIVERS\sisgrp.sys (manual start)
Service for AC'97 Sample Driver (WDM): system32\drivers\sis7012.sys (manual start)
SiS AGP Filter: System32\DRIVERS\SISAGP.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: \SystemRoot\System32\DRIVERS\sr.sys (disabled)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{DEB012B0-1AB2-4541-887F-BF0A1C2028BB} (manual start)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
trid3d: System32\DRIVERS\trid3dm.sys (manual start)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Upload Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VIRTwin: \??\C:\WINDOWS\System32\vdmt16.sys (system)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: System32\DRIVERS\viaagp.sys (system)
ViaIde: System32\DRIVERS\viaide.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
SCNDmem: \??\C:\WINDOWS\System32\winlow.sys (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

gohdeujwwp.exe = C:\WINDOWS\system\gohdeujwwp.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 31,622 bytes
Report generated in 0.109 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only


and just in case




Logfile of HijackThis v1.99.1
Scan saved at 3:43:05 PM, on 8/30/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\taskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\temp\HijackThis.exe

O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 6004265139
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by ChrisRLG » August 31st, 2005, 2:05 pm

IT Guy.

Nellie asked me to pass on the information that she will not be active in the forum tonight, she will be back tomorrow with the next post.

This is a very new infection, one which nellie has already cleaned on another forum, so it would be best to leave for her to reply tomorrow, rather than me (or anyone else) muddying the waters.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by Nellie2 » September 1st, 2005, 3:32 pm

Sorry for the delay;

Did you find msudp4.sys, and if you did, were you able to delete it?

Please copy the contents of the quote box below to Notepad and save to your desktop;

Save As Type - All files
File name - stop.reg

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4]
"Type"=dword:00000004
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4]
"Type"=dword:00000004
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msudp4]
"Type"=dword:00000004
"Start"=dword:00000004


Double click stop.reg on your desktop and allow it to merge with the registry.

Then copy the contents of the quote box below to Notepad and save to your desktop.

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msudp4]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msudp4]

[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\msudp4]


Save As Type - All files
File name - fix.reg

Double click fix.reg and allow it to merge with the registry.

Reboot and generate another start up list using HijackThis please.

Could you do another scan with Ewido too and post me the log?
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK

Post by IT_Guy » September 2nd, 2005, 1:47 pm

OK, I ran Ewido and it was clean, no problem there. I searched for msudp4.sys and deleted it, no problem there either. I was unclear about deleting the registry entries for msudp4.sys though, so please advise on that. In the meantime I have installed all updates and the system seems to be running fine.
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by ChrisRLG » September 2nd, 2005, 2:25 pm

Reboot and generate another start up list using hijackthis please.

Could you do another scan with Ewido too and post me the log


Could we have those logs to check please.
ChrisRLG
Administrator Emeritus
 
Posts: 17759
Joined: December 16th, 2004, 10:04 am
Location: Southend, Essex, UK

Post by IT_Guy » September 2nd, 2005, 2:52 pm

Sorry bout that,

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:45:04 AM, 9/2/2005
+ Report-Checksum: A5F4F61A

+ Scan result:

No infected objects found.


::Report End



Logfile of HijackThis v1.99.1
Scan saved at 11:51:05 AM, on 9/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\mcafee.com\VSO\mcshield.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\temp\HijackThis.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .png: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol.com/help/acp2/engin ... core_1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 5464287887
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - C:\Program Files\mcafee.com\VSO\mcshield.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Mcafee.com Corporation - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
IT_Guy
Active Member
 
Posts: 10
Joined: August 26th, 2005, 1:09 pm

Post by Nellie2 » September 3rd, 2005, 6:44 am

Could I have a look at a new start up log from HijackThis too please!! We can clear out the msudp4 entries from the registry... I want to make sure that the service has been stopped first.

If you are confident in what you are doing there then go ahead... but remember to back up the registry first.
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
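
Added example (not part of the thread, and not a MalwareRemoval.com or HijackThis tool): a small Python check that reads the services section of a StartupList report, as posted above, and says whether a driver such as msudp4.sys is still registered and with which start type. The function names are hypothetical, and the sample text is constructed from the msudp4 line in this log; it assumes the report shows "(disabled)" once stop.reg has set Start to 4.

```python
import re

# Start-type labels exactly as they appear in the StartupList output above.
START_TYPES = ("system", "autostart", "manual start", "disabled")

# Service lines read "Display name: image path [args] (start type)".
SERVICE_LINE = re.compile(
    r"^(?P<name>.+?): (?P<image>.+) \((?P<start>%s)\)\s*$"
    % "|".join(re.escape(s) for s in START_TYPES)
)


def find_service(log_text, image_name):
    """Return (display name, image path, start type) for every service
    line whose image path contains the file name image_name."""
    wanted = re.compile(
        r'(?:^|[\\/"])%s(?=$|[\s"])' % re.escape(image_name), re.IGNORECASE
    )
    hits = []
    for line in log_text.splitlines():
        m = SERVICE_LINE.match(line.strip())
        if m and wanted.search(m.group("image")):
            hits.append((m.group("name"), m.group("image"), m.group("start")))
    return hits


def removal_state(log_text, image_name):
    """Classify how far the two-step cleanup has got for one driver."""
    hits = find_service(log_text, image_name)
    if not hits:
        return "absent"      # no service entry left in the listing
    if all(start == "disabled" for _, _, start in hits):
        return "disabled"    # entry remains but is set not to load
    return "enabled"         # entry can still load at boot


# Constructed samples. BEFORE reuses three lines from the report above;
# AFTER_STOP and AFTER_FIX are assumed outcomes of stop.reg and fix.reg.
BEFORE = r"""
UDPservice: \??\C:\WINDOWS\System32\msudp4.sys (system)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
"""
AFTER_STOP = BEFORE.replace("msudp4.sys (system)", "msudp4.sys (disabled)")
AFTER_FIX = "\n".join(ln for ln in BEFORE.splitlines() if "msudp4" not in ln)

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after stop.reg", AFTER_STOP),
                        ("after fix.reg", AFTER_FIX)):
        print(label, "->", removal_state(text, "msudp4.sys"))
```

A result of "enabled" after the reboot means the service entry is still live and the registry keys should not be treated as cleaned up yet.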

Post by NonSuch » September 19th, 2005, 11:36 pm

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27235
Joined: February 23rd, 2005, 7:08 am
Location: California