another hjt log;-)

Started by Ghost, January 10, 2007, 11:27:26 PM


Ghost

hi all,
infected pretty good.

Logfile of HijackThis v1.99.1
Scan saved at 6:21:45 PM, on 1/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AtariBanner] "C:\Program Files\Infogrames\Atari Anniversary Edition\Volume 2\Banner.exe" /0
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - blank (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168390728956
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

thank you,
G

Ghost

i kept getting memory dumps but i finally have an AVG antivirus log that was run this morn;-)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   8:04:03 AM 1/11/2007

+ Scan result:   



C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.BargainBuddy : No action taken.
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : No action taken.
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Dialer.Small : No action taken.


::Report end

G

Corrine

    Hi, Ghost.

    Please disable any real-time protection, as it may hinder the removal of some entries. You can re-enable it after the computer is clean.

    To disable SpywareGuard:

    Right click the running icon of SpywareGuard, it will open the program.
    Then go to Menu, file, exit.
    Then confirm the program is closed.

    You also need to disable Windows Defender Real-time Protection.

To disable Windows Defender:

Open Defender.
Click on Tools > General Settings
Under Realtime Protection Options uncheck "Turn on real-time protection (recommended)".
After you uncheck these, click on the Save button and close Windows Defender.
Right click on the Defender icon on the taskbar and select Shutdown.

These real-time protection programs can be enabled again when your system is clean.

Go to Add/Remove Programs and check for an uninstall option for the following:
C:/Program Files/NaviSearch and C:/Program Files/BullsEye Network

Check AVG Anti-Spyware for updates, boot to safe-mode. 

  • Launch AVG Anti-Spyware by double-clicking the icon on the desktop. IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan"
  • ewido will now begin the scanning process.  Be patient as this may take a little time.
  • While scanning, AVG Anti-Spyware will list any infections found on the left side.
  • When the scan is completed, the recommended action should be set to Quarantine.  If not, click Recommended Action and set it there. Click the Apply all actions button. AVG will display "All actions have been applied" on the right side.
  • Click on "Save Report", then "Save Report As".  This will create a text file.  Make sure you know where to find this file again (like on the Desktop).
  • Close AVG Anti-Spyware.
Start HijackThis, close all open windows leaving only HijackThis running. Place a check against the following and press "Fix Checked":

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie&p=9eafaeb2a8e2a9518112bc6e0cedee1552dd4ecb1dd748bcf1cf4d42ced1394245b14c137e17952f3a6abadc3d36297b2b37:b70ac5aa8ec48e2e58a29296baabe1d6

While in safe mode, delete the folders C:/Program Files/NaviSearch and C:/Program Files/BullsEye Network, if found.

Restart in Normal Mode and double-click the HijackThis icon on your desktop.  Choose "Do a system scan and save logfile". 

Post a reply with the following logs and let us know how your PC is doing:
  • AVG Anti-Spyware log
  • HijackThis log


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi corrine,
per your instructions;-)

avgas log in safe mode:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   10:09:15 PM 1/12/2007

+ Scan result:   



C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adv.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\mac80ex.idf/C:/Program Files/BullsEye Network/bin/adx.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/mqexdlm.srg -> Adware.BargainBuddy : No action taken.
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : No action taken.
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : No action taken.
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Dialer.Small : No action taken.


::Report end

hjt log in normal mode after removing the '016 winupdates' item in safe mode:

Logfile of HijackThis v1.99.1
Scan saved at 10:16:04 PM, on 1/12/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168390728956
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

it runs better but still sluggish;-).
G
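A way to check the two logs in the post above against the requested fix, as an added example that is not part of any post in this thread: it diffs the before and after HijackThis entries and lists AVG Anti-Spyware results where no action was applied. The sample strings are a few lines excerpted from the thread's logs (the AVG sample is constructed from lines of two different reports, and the windupdates URL is shortened); the function names are this example's own.

```python
import re

# Excerpts of the HijackThis logs posted in this thread, cut down to a few
# lines each. The query string on the windupdates O16 URL is shortened here.
HJT_BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://public.windupdates.com/get_file.php?bt=ie
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
"""

HJT_AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - http://files.member.yahoo.com/dl/installs/sbc/yinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# Constructed sample: result lines taken from two different AVG reports in
# the thread, so that both outcomes appear in one input.
AVG_REPORT = r"""+ Created at:   10:09:15 PM 1/12/2007
+ Scan result:

C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : No action taken.
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Dialer.Small : No action taken.
::Report end
"""

# HijackThis entry lines look like "<section> - <detail>", e.g. "O16 - DPF: ...".
HJT_ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# AVG Anti-Spyware result lines look like "<object> -> <detection> : <action>."
AVG_RESULT = re.compile(
    r"^(?P<object>.+?) -> (?P<detection>[\w.\-]+) : (?P<action>.+?)\.?$"
)


def parse_hjt(log):
    """Return the set of (section, detail) entries in a HijackThis log.

    Header lines and the running-process list do not match and are skipped.
    """
    entries = set()
    for line in log.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def diff_hjt(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    old, new = parse_hjt(before), parse_hjt(after)
    return sorted(old - new), sorted(new - old)


def still_present(log, section, marker):
    """True if an entry in `section` still contains `marker` (e.g. a CLSID)."""
    marker = marker.lower()
    return any(
        sec == section and marker in detail.lower()
        for sec, detail in parse_hjt(log)
    )


def parse_avg(report):
    """Return (object, detection, action) tuples from an AVG scan report."""
    results = []
    for line in report.splitlines():
        m = AVG_RESULT.match(line.strip())
        if m:
            results.append((m["object"], m["detection"], m["action"]))
    return results


def unremediated(report):
    """Detections the scanner reported but did not act on."""
    return [r for r in parse_avg(report) if r[2].lower().startswith("no action")]


if __name__ == "__main__":
    removed, added = diff_hjt(HJT_BEFORE, HJT_AFTER)
    for sec, detail in removed:
        print("removed:", sec, "-", detail)
    for sec, detail in added:
        print("added:  ", sec, "-", detail)
    clsid = "{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6}"
    print("fixed O16 entry still present:", still_present(HJT_AFTER, "O16", clsid))
    for obj, detection, action in unremediated(AVG_REPORT):
        print("not remediated:", detection, "in", obj)
```

The diff also surfaces changes unrelated to the fix, such as the SpywareGuard BHO disappearing and a new O20 entry, and each of those should be accounted for before the system is called clean.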

Ghost

hi corrine,
i just noticed that avgas didn't quarantine the objects. i did hit the button to 'apply all actions' and it is set up to quarantine all too. well that's par for this tower. things work correctly sometimes and sometimes they don't. i'll scan again tomorrow am and post that log, checking to be sure it quarantines all.
thanks again for your help!
G
by the way, i couldn't find the 2 folders you mentioned above. i did a windows search with options set to scan in hidden folders and sub folders, but found nothing in safe mode and normal mode. the memory dumps have stopped but now i'm getting the error screen from ms that wants to know if i want to send a report but of course i don't.
thanks,
G

Ghost

i couldn't go to sleep so i got up and ran avgas 4 times in safe mode. each time i click 'apply all actions' the screen flashes once and avgas shuts down. i've checked quarantine and nothing is there and yes i do have it set to quarantine;-).
G


Ghost

hi,
ok here they are. they are kinda redundant but i wanted you to have all scans w/avgas and a fresh hjt log.

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   4:07:22 AM 1/13/2007

+ Scan result:   



C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   6:05:06 AM 1/13/2007

+ Scan result:   



C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   6:38:00 AM 01/13/2007

+ Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\kkkk -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\History -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLTitles -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLs -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\Settings -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\KeyWordFreqCap -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end


HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   6:38:00 AM 01/13/2007

+ Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\kkkk -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LocalNRD -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Adverts -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Web Offer\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\ID -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\eZula\Setup\path -> Adware.Ezula : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\History -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLTitles -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\MRHistory\URLs -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Gator.com\DashBar\Settings -> Adware.Gator : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\KeyWordFreqCap -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\IST -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historyfiles -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\ISTbar\ISTbar\Historys1 -> Adware.ISTBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\CSLOA\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Netsetter\OSSProxy\Settings -> Adware.MarketScore : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Run\\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WhenU\ClockSync -> Adware.SaveNow : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015609 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\TsAdBot\Clients\da015807 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\TimeSink, Inc.\da015609 AdInstant Transfer -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1005\Software\WebSiteViewer\Settings -> Dialer.Generic : Cleaned with backup (quarantined).


::Report end

AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   7:06:09 AM 01/13/2007

+ Scan result:   



C:\System Volume Information\_restore{580AD5EA-A733-4498-9FE8-C68895DCBD31}\RP2\A0000004.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{580AD5EA-A733-4498-9FE8-C68895DCBD31}\RP2\A0000004.vxd/C:/WINDOWS/System32/nvms.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\abia.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\cael.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Application Data\estc.exe -> Adware.PurityScan : Cleaned with backup (quarantined).
C:\Documents and Settings\Brandon.HOME\Start Menu\Programs\ClockSync -> Adware.WhenU : Cleaned with backup (quarantined).


::Report end


AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at:   10:48:00 AM 01/13/2007

+ Scan result:   



HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\salm -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft\pppp -> Adware.Begin2Search : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\aaa_soft\ssss -> Adware.Begin2Search : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II27.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II29.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\II3E.tmp -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\randreco.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\thin.exe -> Adware.BetterInternet : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\ClrSch\FNuninstaller.EXE -> Adware.ClearSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar\Search -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\NIX Solutions\LesbianToolbar\Search\MRU -> Adware.DailyToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\DownloadWare -> Adware.Downloadware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\DownloadWare\Prefs -> Adware.Downloadware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar\History -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\SerG\SearchBar\History\Work -> Adware.EZ-Finder : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\dsktb -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\dsktb\DesktopToolbar -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button0 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\Config\button3 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\intexp\MyFileSystem2 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\clicks.dll -> Adware.Midaddle : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\nM.exe -> Adware.Midaddle : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Microsoft\Internet Explorer\MenuExt\Ebates -> Adware.MoneyMaker : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\New.net -> Adware.NewDotNet : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Bundles -> Adware.SecondThought : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc. -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\ba104204 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\da014251 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\TimeSink, Inc.\TsAdBot\Clients\da100008 -> Adware.TimeSink : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\VB and VBA Program Settings\VBouncer -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\VB and VBA Program Settings\VBouncer\Settings -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\djtopr1150.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\PlugIns -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\PlugIns\COMMON -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\Server -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\Toolbar\UrlSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\WinTools -> Adware.WebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\WinTools\URLSearchHooks -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\ICD1.tmp\SyncroAdX.dll -> Adware.WinAD : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\WildWinTracker.exe -> Adware.WinFetcher : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\zango -> Adware.Zango : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1957994488-839522115-1007\Software\LQ -> Dialer.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI4981.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI4981.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI49D9.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI49D9.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI788F.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THI788F.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THIEB4.tmp\polall1r.cab/polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\THIEB4.tmp\polall1r.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\polmx.cab/polmx.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\polmx.exe -> Downloader.Agent.ae : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\alchem.exe -> Downloader.Alchemic : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\iinstall.exe -> Downloader.IstBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\i25.tmp -> Downloader.Small.id : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~260569.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~281005.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~283099.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~298425.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~308441.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~366131.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~393097.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~398261.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~454966.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~457902.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~461222.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~464225.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~481279.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~511885.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~517066.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~517778.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~520468.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~521030.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~526405.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~527011.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~532601.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~546754.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~549199.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~551098.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~568430.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~578977.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~579286.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~582428.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~594920.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~598622.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~604279.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~605836.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~608111.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~609535.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~609655.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~610231.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~616623.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~618129.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~620040.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~624923.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~628902.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~632169.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~635748.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~641115.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~641724.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~666376.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~671123.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~674207.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~744305.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~746707.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~775576.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~778162.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~778816.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~780938.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~788678.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~795786.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~798433.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~799789.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~803706.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~811790.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~817153.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~819308.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\~822874.tmp -> Downloader.Wintool.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Local Settings\Temp\AcsProxyStub.exe -> Hijacker.Agent.di : Cleaned with backup (quarantined).
C:\Documents and Settings\Mariah.HOME\Cookies\mariah@ads18.bpath[2].txt -> TrackingCookie.Bpath : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 11:14:48 AM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbusa.net/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [VTPreset] VTPreset.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1168390728956
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - (no file)
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE

thanks,
G





Corrine

Whew!  What a nightmare that had to be -- a sleepless night as well. 

It looks like you finally got through all of the accounts on the machine though.  Before returning the machine, I suggest a thorough cleaning of temp files for all accounts.  It would also be a good idea to clear the history and any saved form data. 

Installing IE7 for the additional security features would be a good idea as well.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Ghost

hi corrine,
i want to thank you for your help. all is running great!!!!
have a good day,
G

Corrine


