Logfile of HijackThis v1.99.1
Scan saved at 5:26:33 PM, on 12/26/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\pctspk.exe
C:\WINDOWS\System32\BacsTray.exe
C:\Program Files\Dell\QuickSet\QuickSet.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\nvsvc32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\BellSouth\Connection Manager\CManager.exe
C:\PROGRA~1\BROADJ~1\CORREC~1\CCD.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\System32\PdeSrv2.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Don\My Documents\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =
http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =
http://localhost;
F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\System32\urqom.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [bacstray] BacsTray.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /nosystray
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SoundMax] C:\WINDOWS\System32\dll32\csrss.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TivoTransfer] "C:\Program Files\Common Files\TiVo Shared\Transfer\TivoTransfer.exe" /auto:TivoTransfer /registry /service
O4 - HKCU\..\Run: [TivoServer] "C:\Program Files\TiVo\Desktop\TiVoServer.exe" /auto:TivoServer /registry /service
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Download] "C:\DOCUME~1\Don\LOCALS~1\Temp\BellSouth\SSGet.exe" 120 "http://download.fastaccess.com/download/HCUpgrade3.1.exe" "HCUpgrade3.1.exe" Log
O4 - Startup: Connection Manager.lnk = C:\Program Files\BellSouth\Connection Manager\CManager.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Microsoft AntiSpyware helper - {D2EABF44-8A32-4B2E-822F-642BB7979132} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D2EABF44-8A32-4B2E-822F-642BB7979132} - (no file) (HKCU)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -
http://pdl.stream.aol.com/downloads/aol ... _en_dl.cab
O20 - Winlogon Notify: urqom - C:\WINDOWS\System32\urqom.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TiVo Beacon (TivoBeacon2) - TiVo Inc. - C:\Program Files\Common Files\TiVo Shared\Beacon\TiVoBeacon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
Ewido report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 3:03:37 PM, 12/26/2005
+ Report-Checksum: 17BD6FD
+ Scan result:
HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ.1 -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CLSID -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer\CurVer -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\WebP2PInstaller.Installer.1 -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_5021 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_5405 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_5407 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_0\Seqn_6365 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5026 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5063 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5135 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5137 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5149 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5150 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5154 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5244 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5345 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5353 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5363 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5370 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5474 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5604 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5627 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5668 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5679 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5798 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5903 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5931 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5939 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5982 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5987 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5988 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_5991 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6008 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6116 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6183 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6221 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6236 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6315 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6327 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_0\Level_1\Seqn_6585 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5187 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5188 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5196 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5517 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_5913 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_6047 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_1\Seqn_6376 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2\Seqn_5535 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_1\Level_2\Seqn_6540 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_0\Seqn_6365 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5026 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5063 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5134 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5135 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5137 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5149 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5150 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5154 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5244 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5345 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5353 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5363 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5370 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5474 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5604 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5627 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5668 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5679 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5798 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5903 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5931 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5939 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5982 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5987 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5988 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_5991 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6008 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6116 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6183 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6221 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6236 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6315 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6327 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_2\Level_1\Seqn_6585 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_5021 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_5405 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_5407 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_0\Seqn_6365 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5026 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5063 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5135 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5137 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5149 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5150 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5154 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5244 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5345 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5353 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5363 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5370 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5474 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5604 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5627 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5668 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5679 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5798 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5903 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5931 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5939 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5982 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5987 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5988 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_5991 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6008 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6116 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6183 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6221 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6236 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6315 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6327 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_3\Level_1\Seqn_6585 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_5171 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_5409 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_5432 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_0\Seqn_5735 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5125 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5818 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_5882 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_1\Seqn_6015 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5043 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5106 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5120 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5177 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5534 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_5930 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_6070 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_2\Seqn_6831 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Loct_4\Level_4\Seqn_5465 -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Queue -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Kazaa\Promotions\Cydoor\Adwr_329\Services\Status -> Spyware.Cydoor : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-1860493358-3758347995-3366240910-1005\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\!KillBox\batserv2.exe -> Worm.Locksky.m : Cleaned with backup
C:\!KillBox\setup32.exe -> Backdoor.Rbot : Cleaned with backup
C:\!KillBox\shdocha.exe -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSA.exe -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\Program Files\Need2Find -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\History\search -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Need2Find\bar\Settings -> Spyware.Need2Find : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> Downloader.WebP2PInstaller : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq77.tmp -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq78.tmp -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq79.tmp\P2P Networking.exe -> Spyware.P2PNetworking : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Altnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB1.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB2.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB3.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB5.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB6.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB8.tmp -> Spyware.Cookie.Com : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqB9.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBB.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBC.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBD.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBE.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqBF.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC0.tmp -> Spyware.Cookie.Paycounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC2.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC3.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqC7.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP109\A0058897.dll -> Downloader.Agent.ga : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0059056.dll -> Downloader.Small.bpk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0059061.com -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0059062.com -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP110\A0059063.exe -> Worm.Locksky.m : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0059136.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0059138.exe -> Worm.Locksky.m : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0059139.exe -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0060137.dll -> Downloader.Agent.kf : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP111\A0060141.exe -> Downloader.Small.rr : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP78\A0036805.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP78\A0036806.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP89\A0044494.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP89\A0044495.DLL -> Spyware.MyWebSearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP89\A0044531.DLL -> Spyware.MySearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP89\A0044539.dll -> Spyware.MySearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\html.exe -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\WINDOWS\enco64.exe -> Logger.VB.ec : Cleaned with backup
C:\WINDOWS\exref.exe -> Not-A-Virus.Monitor.WinSpy.a : Cleaned with backup
C:\WINDOWS\itshta.exe -> Trojan.Small.cr : Cleaned with backup
C:\WINDOWS\ntsvc32.exe -> Not-A-Virus.Monitor.WinSpy.d : Cleaned with backup
C:\WINDOWS\outlookr.exe -> Logger.WinSpy.a : Cleaned with backup
C:\WINDOWS\syst32.exe -> Not-A-Virus.Monitor.WinSpy.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\2s7jjgm8en.dll -> Downloader.Small.rr : Cleaned with backup
C:\WINDOWS\SYSTEM32\ANSMTP.dll -> Trojan.Winspy.A : Cleaned with backup
C:\WINDOWS\SYSTEM32\MTC.dll -> Downloader.Agent.ga : Cleaned with backup
C:\WINDOWS\SYSTEM32\nlgjzzzjx2x09.dll -> Downloader.Small.rr : Cleaned with backup
C:\WINDOWS\SYSTEM32\shdocha.dll -> Not-A-Virus.Hoax.Win32.EvidenceEliminator.a : Cleaned with backup
C:\WINDOWS\winsyst32.exe -> Logger.WinSpy.a : Cleaned with backup
C:\WINDOWS\wldr.dll -> Downloader.Agent.kf : Cleaned with backup
C:\WINDOWS\wsdll.exe -> Logger.WinSpy.a : Cleaned with backup
::Report End
smitfiles.txt:
smitRem © log file
version 2.8
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 12/26/2005
The current time is: 12:43:08.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
wldr.dll
logfiles
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003
Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of explorer.exe
Starting registry repairs
Deleting files
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Panda:
Incident Status Location
Virus:W32/Locksky.M.worm Not disinfected C:\!KillBox\sysc.exe
Adware:adware/cws.searchmeup Not disinfected C:\new.exe
Adware:Adware/P2PNetworking Not disinfected C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp
Virus:Trojan Horse.AP2 Not disinfected C:\WINDOWS\dll\services.exe
Virus:Trj/Winspy.A Not disinfected C:\WINDOWS\mscomm.exe
Virus:Trojan Horse.AP2 Not disinfected C:\WINDOWS\rij12.exe
Adware:adware/spysheriff Not disinfected C:\WINDOWS\SYSTEM32\desktop.html
Adware:Adware/Tubby Not disinfected C:\WINDOWS\SYSTEM32\MTC.ini
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\SYSTEM32\urqom.dll