LandzDown Forum

hi all,
infected pretty good.

Logfile of HijackThis v1.99.1
Scan saved at 6:21:45 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168390728956
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

thank you,
G

Hi, Ghost.

Please disable any real-time protection, as it may hinder the removal of some entries. You can re-enable it after the computer is clean.

To disable SpywareGuard:

Right click the running icon of Spywareguard, it will open the program.
Then go to Menu, file, exit.
Then confirm the program is closed.

You also need to disable Windows Defender Real-time Protection.

To disable Windows Defender:

Open Defender.
Click on Tools > General Settings
Under Realtime Protection Options uncheck "Turn on real real-time protection (recommended)".
After you uncheck these, click on the Save button and close Windows Defender.
Right click on the Defender icon on the taskbar and select Shutdown.

These real-time protection programs can be enabled again when your system is clean.

Go to Add/Remove Programs and check for an uninstall option for the following:
C:/Program Files/NaviSearch and C:/Program Files/BullsEye Network

Check AVG Anti-Spyware for updates, boot to safe-mode. 

• Launch AVG Anti-Spyware by double-clicking the icon on the desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning, it may interfere with the scanning proccess.
  
• Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  
• ewido will now begin the scanning process.  Be patient as this may take a little time.
• While scanning, AVG Anti-Spyware will list any infections found on the left side.
• When the scan is completed, the recommended action should be set to Quarantine.  If not click Recommended Action and set it there. Click the Apply all actions button. AVG will display "All actions have been applied" on the right side.
  
• Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
• Close AVG Anti-Spyware.

Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6

While in safe mode, delete the folders C:/Program Files/NaviSearch and C:/Program Files/BullsEye Network, if found.

Restart in Normal Mode and double-click the HijackThis icon on your desktop.  Choose "Do a system scan and save logfile". 

Post a reply with the following logs and let us know how your PC is doing:[list=1]

• AVG Anti-Spyware log
• HijackThis log

hi corrine,
i just noticed that avgas didnt quarentine the objects. i did hit the button to 'apply all actions' and it is setup to quarentine all too. well thats par for this tower. things work correctly sometimes and sometimes they dont. ill scan again tomorrow am and post that log, checking to be sure it quartines all.
thanks again for your help!
G
by the way, i couldnt find the 2 folders you mentioned above. i did a windows search with options set to scan in hidden folders and sub folders, but found nothing in safe mode and normal mode. the memory dumps have stopped but now im getting the error screen from ms that wants to know if i want to send a report but of coures i dont.
thanks,
G

hi,
ok here they are. they are kinda redundent but i wanted you to have all scans w/avgas and a fresh hjt log.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   4:07:22 AM 1/13/2007

 + Scan result:   



C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:05:06 AM 1/13/2007

 + Scan result:   



C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:05:06 AM 1/13/2007

 + Scan result:   



C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:38:00 AM 01/13/2007

 + Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\kkkk -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\History -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLTitles -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLs -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\Settings -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\KeyWordFreqCap -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:38:00 AM 01/13/2007

 + Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\kkkk -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\History -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLTitles -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLs -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\Settings -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\KeyWordFreqCap -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   6:38:00 AM 01/13/2007

 + Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\kkkk -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\History -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLTitles -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLs -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\Settings -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\KeyWordFreqCap -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   7:06:09 AM 01/13/2007

 + Scan result:   



C:\System Volume Information\_restore{580AD5EA-A733-4498-9FE8-C68895DCBD31}\RP2\A0000004.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{580AD5EA-A733-4498-9FE8-C68895DCBD31}\RP2\A0000004.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\abia.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\cael.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\estc.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   10:48:00 AM 01/13/2007

 + Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II27.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II29.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II3E.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\ClrSch\FNuninstaller.EXE -> Adware.ClearSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\DownloadWare -> Adware.Downloadware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\DownloadWare\Prefs -> Adware.Downloadware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\clicks.dll -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\nM.exe -> Adware.Midaddle : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\da014251 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\da100008 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\djtopr1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\ICD1.tmp\SyncroAdX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\WildWinTracker.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI4981.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI4981.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI49D9.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI49D9.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI788F.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI788F.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THIEB4.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THIEB4.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\polmx.cab/polmx.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\polmx.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\alchem.exe -> Downloader.Alchemic : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\iinstall.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\i25.tmp -> Downloader.Small.id : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~260569.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~281005.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~283099.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~298425.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~308441.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~366131.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~393097.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~398261.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~454966.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~457902.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~461222.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~464225.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~481279.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~511885.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~517066.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~517778.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~520468.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~521030.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~526405.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~527011.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~532601.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~546754.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~549199.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~551098.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~568430.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~578977.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~579286.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~582428.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~594920.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~598622.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~604279.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~605836.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~608111.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~609535.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~609655.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~610231.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~616623.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~618129.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~620040.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~624923.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~628902.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~632169.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~635748.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~641115.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~641724.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~666376.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~671123.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~674207.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~744305.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~746707.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~775576.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~778162.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~778816.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~780938.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~788678.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~795786.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~798433.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~799789.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~803706.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~811790.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~817153.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~819308.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~822874.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\AcsProxyStub.exe -> Hijacker.Agent.di : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Cookies\mariah@ads18.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:14:48 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168390728956
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

thanks,
G

hi corrine,
 i want to thank you for your help. all is running great!!!!
have a god day,
G