Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

3jewels

31 Posts

3994

November 19th, 2007 04:00

Helpppppp

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:48 AM, on 11/19/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\avp.exe
C:\WINDOWS\mgrs.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2F02D978-0FF6-80F7-60BB-0426224AB7B3} - C:\Program Files\mgadozsv\fzmssdoa.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Julia\LOCALS~1\Temp\2006430115514_mcinfo.exe /insfin
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [avp] C:\WINDOWS\avp.exe
O4 - HKLM\..\Run: [smgr] mgrs.exe
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKLM\..\Run: [pyrinkbm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pyrinkbm.dll"
O4 - HKLM\..\Run: [lwdapyju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lwdapyju.dll"
O4 - HKLM\..\Run: [buxyzkvm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\buxyzkvm.dll"
O4 - HKLM\..\Run: [tsjuxydu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tsjuxydu.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 8516 bytes

3jewels

31 Posts

November 19th, 2007 14:00

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2007 at 08:42 AM
Application Version : 3.9.1008
Core Rules Database Version : 3346
Trace Rules Database Version: 1347
Scan type       : Complete Scan
Total Scan Time : 00:44:48
Memory items scanned      : 453
Memory threats detected   : 12
Registry items scanned    : 5700
Registry threats detected : 395
File items scanned        : 45177
File threats detected     : 195
Trojan.Downloader-XLIB
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
Trojan.Downloader-Gen/MobRules
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL
Trojan.Downloader-Gen/AVP
 C:\WINDOWS\AVP.EXE
 C:\WINDOWS\AVP.EXE
 [avp] C:\WINDOWS\AVP.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029350.EXE
 C:\WINDOWS\Prefetch\AVP.EXE-023E55A4.pf
Trojan.Downloader-MGRS
 C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\MGRS.EXE
 [smgr] C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\Prefetch\MGRS.EXE-2F0B7DD9.pf
Trojan.Downloader-NoName
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\6432.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\LOOKMON.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONSYS.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SERVER16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SVAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYN32.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYS16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\WINSYN.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZQQBBUH0\HLPSRV[1].EXE
 C:\PROGRAM FILES\HLPSRV.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC23.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029360.EXE
 C:\WINDOWS\Prefetch\16SERVER.EXE-1FB3AB28.pf
 C:\WINDOWS\Prefetch\6432.EXE-34CCC361.pf
 C:\WINDOWS\Prefetch\HLPSRV.EXE-2A21BA7B.pf
 C:\WINDOWS\Prefetch\MONSYS.EXE-3730A5D6.pf
 C:\WINDOWS\Prefetch\SERVER16.EXE-27ABD9C8.pf
Trojan.Downloader-Gen/CinBroom
 [Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE
 C:\WINDOWS\SYSTEM32\PRINTER.EXE
Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#t
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
Adware.EZula/TopText
 HKLM\Software\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\ProgID
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\VersionIndependentProgID
 C:\PROGRA~1\EZULA\EABH.DLL
Adware.E404 Helper/Hij
 HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
 C:\PROGRAM FILES\E404 HELPER\E404.V5.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\E404.e404mgr
 HKCR\E404.e404mgr\CLSID
 HKCR\E404.e404mgr\CurVer
 HKCR\E404.e404mgr.1
 HKCR\E404.e404mgr.1\CLSID
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
 C:\Program Files\E404 Helper
Adware.Tracking Cookie
 C:\Documents and Settings\HCH\Cookies\hch@server.iad.liveperson[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@hypertracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@msnportal.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@cgi-bin[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@bizrate[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@findwhat[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67809844[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@revsci[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@networksolutions.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adecn[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@sourceinterlink.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adserver[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@atdmt[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@enhance[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@ad.yieldmanager[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@media.adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@advancedcleaner[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@system[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@overture[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@web4.realtracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[3].txt
 C:\Documents and Settings\HCH\Cookies\hch@tribalfusion[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@specificclick[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@statcounter[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@realmedia[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@heavycom.122.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@tracker[1].txt
Adware.Ezula
 C:\WINDOWS\eZinstall.exe
 HKCR\EZulaAgent.eZulaCtrlHost
 HKCR\EZulaAgent.eZulaCtrlHost\CLSID
 HKCR\EZulaAgent.eZulaCtrlHost\CurVer
 HKCR\EZulaAgent.eZulaCtrlHost.1
 HKCR\EZulaAgent.eZulaCtrlHost.1\CLSID
 HKCR\eZulaAgent.IEObject
 HKCR\eZulaAgent.IEObject\CLSID
 HKCR\eZulaAgent.IEObject\CurVer
 HKCR\eZulaAgent.IEObject.1
 HKCR\eZulaAgent.IEObject.1\CLSID
 HKCR\EZulaAgent.PlugProt
 HKCR\EZulaAgent.PlugProt\CLSID
 HKCR\EZulaAgent.PlugProt\CurVer
 HKCR\EZulaAgent.PlugProt.1
 HKCR\EZulaAgent.PlugProt.1\CLSID
 HKCR\eZulaAgent.ToolBarBand
 HKCR\eZulaAgent.ToolBarBand\CLSID
 HKCR\eZulaAgent.ToolBarBand.1
 HKCR\eZulaAgent.ToolBarBand.1\CLSID
 HKCR\EZulaBootExe.InstallCtrl
 HKCR\EZulaBootExe.InstallCtrl\CLSID
 HKCR\EZulaBootExe.InstallCtrl\CurVer
 HKCR\EZulaBootExe.InstallCtrl.1
 HKCR\EZulaBootExe.InstallCtrl.1\CLSID
 HKCR\EZulaFSearchEng.eZulaCode
 HKCR\EZulaFSearchEng.eZulaCode\CLSID
 HKCR\EZulaFSearchEng.eZulaCode\CurVer
 HKCR\EZulaFSearchEng.eZulaCode.1
 HKCR\EZulaFSearchEng.eZulaCode.1\CLSID
 HKCR\EZulaFSearchEng.eZulaHash
 HKCR\EZulaFSearchEng.eZulaHash\CLSID
 HKCR\EZulaFSearchEng.eZulaHash\CurVer
 HKCR\EZulaFSearchEng.eZulaHash.1
 HKCR\EZulaFSearchEng.eZulaHash.1\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch
 HKCR\EZulaFSearchEng.eZulaSearch\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch\CurVer
 HKCR\EZulaFSearchEng.eZulaSearch.1
 HKCR\EZulaFSearchEng.eZulaSearch.1\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay
 HKCR\EZulaFSearchEng.PopupDisplay\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay\CurVer
 HKCR\EZulaFSearchEng.PopupDisplay.1
 HKCR\EZulaFSearchEng.PopupDisplay.1\CLSID
 HKCR\EZulaFSearchEng.ResultHelper
 HKCR\EZulaFSearchEng.ResultHelper\CLSID
 HKCR\EZulaFSearchEng.ResultHelper\CurVer
 HKCR\EZulaFSearchEng.ResultHelper.1
 HKCR\EZulaFSearchEng.ResultHelper.1\CLSID
 HKCR\EZulaFSearchEng.SearchHelper
 HKCR\EZulaFSearchEng.SearchHelper\CLSID
 HKCR\EZulaFSearchEng.SearchHelper\CurVer
 HKCR\EZulaFSearchEng.SearchHelper.1
 HKCR\EZulaFSearchEng.SearchHelper.1\CLSID
 HKCR\EZulaMain.eZulaSearchPipe
 HKCR\EZulaMain.eZulaSearchPipe\CLSID
 HKCR\EZulaMain.eZulaSearchPipe\CurVer
 HKCR\EZulaMain.eZulaSearchPipe.1
 HKCR\EZulaMain.eZulaSearchPipe.1\CLSID
 HKCR\EZulaMain.TrayIConM
 HKCR\EZulaMain.TrayIConM\CLSID
 HKCR\EZulaMain.TrayIConM\CurVer
 HKCR\EZulaMain.TrayIConM.1
 HKCR\EZulaMain.TrayIConM.1\CLSID

3jewels

31 Posts

November 19th, 2007 15:00


 C:\WINDOWS\eZinstall.exe
 HKCR\EZulaAgent.eZulaCtrlHost
 HKCR\EZulaAgent.eZulaCtrlHost\CLSID
 HKCR\EZulaAgent.eZulaCtrlHost\CurVer
 HKCR\EZulaAgent.eZulaCtrlHost.1
 HKCR\EZulaAgent.eZulaCtrlHost.1\CLSID
 HKCR\eZulaAgent.IEObject
 HKCR\eZulaAgent.IEObject\CLSID
 HKCR\eZulaAgent.IEObject\CurVer
 HKCR\eZulaAgent.IEObject.1
 HKCR\eZulaAgent.IEObject.1\CLSID
 HKCR\EZulaAgent.PlugProt
 HKCR\EZulaAgent.PlugProt\CLSID
 HKCR\EZulaAgent.PlugProt\CurVer
 HKCR\EZulaAgent.PlugProt.1
 HKCR\EZulaAgent.PlugProt.1\CLSID
 HKCR\eZulaAgent.ToolBarBand
 HKCR\eZulaAgent.ToolBarBand\CLSID
 HKCR\eZulaAgent.ToolBarBand.1
 HKCR\eZulaAgent.ToolBarBand.1\CLSID
 HKCR\EZulaBootExe.InstallCtrl
 HKCR\EZulaBootExe.InstallCtrl\CLSID
 HKCR\EZulaBootExe.InstallCtrl\CurVer
 HKCR\EZulaBootExe.InstallCtrl.1
 HKCR\EZulaBootExe.InstallCtrl.1\CLSID
 HKCR\EZulaFSearchEng.eZulaCode
 HKCR\EZulaFSearchEng.eZulaCode\CLSID
 HKCR\EZulaFSearchEng.eZulaCode\CurVer
 HKCR\EZulaFSearchEng.eZulaCode.1
 HKCR\EZulaFSearchEng.eZulaCode.1\CLSID
 HKCR\EZulaFSearchEng.eZulaHash
 HKCR\EZulaFSearchEng.eZulaHash\CLSID
 HKCR\EZulaFSearchEng.eZulaHash\CurVer
 HKCR\EZulaFSearchEng.eZulaHash.1
 HKCR\EZulaFSearchEng.eZulaHash.1\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch
 HKCR\EZulaFSearchEng.eZulaSearch\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch\CurVer
 HKCR\EZulaFSearchEng.eZulaSearch.1
 HKCR\EZulaFSearchEng.eZulaSearch.1\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay
 HKCR\EZulaFSearchEng.PopupDisplay\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay\CurVer
 HKCR\EZulaFSearchEng.PopupDisplay.1
 HKCR\EZulaFSearchEng.PopupDisplay.1\CLSID
 HKCR\EZulaFSearchEng.ResultHelper
 HKCR\EZulaFSearchEng.ResultHelper\CLSID
 HKCR\EZulaFSearchEng.ResultHelper\CurVer
 HKCR\EZulaFSearchEng.ResultHelper.1
 HKCR\EZulaFSearchEng.ResultHelper.1\CLSID
 HKCR\EZulaFSearchEng.SearchHelper
 HKCR\EZulaFSearchEng.SearchHelper\CLSID
 HKCR\EZulaFSearchEng.SearchHelper\CurVer
 HKCR\EZulaFSearchEng.SearchHelper.1
 HKCR\EZulaFSearchEng.SearchHelper.1\CLSID
 HKCR\EZulaMain.eZulaSearchPipe
 HKCR\EZulaMain.eZulaSearchPipe\CLSID
 HKCR\EZulaMain.eZulaSearchPipe\CurVer
 HKCR\EZulaMain.eZulaSearchPipe.1
 HKCR\EZulaMain.eZulaSearchPipe.1\CLSID
 HKCR\EZulaMain.TrayIConM
 HKCR\EZulaMain.TrayIConM\CLSID
 HKCR\EZulaMain.TrayIConM\CurVer
 HKCR\EZulaMain.TrayIConM.1
 HKCR\EZulaMain.TrayIConM.1\CLSID

3jewels

31 Posts

November 19th, 2007 15:00


 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\InprocServer32
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\InprocServer32#ThreadingModel
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\ProgID
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\Programmable
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\TypeLib
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}#AppID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\LocalServer32
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\ProgID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\Programmable
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\TypeLib
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}#AppID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\LocalServer32
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\ProgID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\Programmable
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\TypeLib
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}#AppID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\LocalServer32
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\InprocServer32
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\InprocServer32#ThreadingModel
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\ProgID
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\Programmable
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\TypeLib
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\VersionIndependentProgID
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\0
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\0\win32
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\FLAGS
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\HELPDIR
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\ProxyStubClsid
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\ProxyStubClsid32
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\TypeLib
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\TypeLib#Version
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\TypeLib
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\ProxyStubClsid
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\ProxyStubClsid32
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\TypeLib
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\TypeLib#Version
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\TypeLib
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\TypeLib
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\TypeLib
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\TypeLib
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\TypeLib#Version
 HKCR\AppId\eZulaBootExe.EXE
 HKCR\AppId\eZulaBootExe.EXE#AppID
 HKCR\AppId\eZulaMain.EXE
 HKCR\AppId\eZulaMain.EXE#AppID
 HKCR\AppId\{8A044397-5DA2-11D4-B185-0050DAB79376}
 HKCR\AppId\{C0335198-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\EZulaMain.eZulaPopSearchPipe
 HKCR\EZulaMain.eZulaPopSearchPipe\CLSID
 HKCR\EZulaMain.eZulaPopSearchPipe\CurVer
 HKCR\EZulaMain.eZulaPopSearchPipe.1
 HKCR\EZulaMain.eZulaPopSearchPipe.1\CLSID
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\InprocServer32
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\InprocServer32#ThreadingModel
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\ProgID
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\Programmable
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\TypeLib
 HKCR\CLSID\{25630B47-53C6-4E66-A945-9D7B6B2171FF}\VersionIndependentProgID
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\InprocServer32
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\InprocServer32#ThreadingModel
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\ProgID
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\Programmable
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\TypeLib
 HKCR\CLSID\{370F6354-41C4-4FA6-A2DF-1BA57EE0FBB9}\VersionIndependentProgID
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}#AppID
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}\LocalServer32
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}\ProgID
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}\Programmable
 HKCR\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8}\VersionIndependentProgID
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\InprocServer32
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\InprocServer32#ThreadingModel
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\ProgID
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\Programmable
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\TypeLib
 HKCR\CLSID\{788C6F6F-C2EA-4A63-9C38-CE7D8F43BCE4}\VersionIndependentProgID
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\InprocServer32
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\InprocServer32#ThreadingModel
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\ProgID
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\Programmable
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\TypeLib
 HKCR\CLSID\{78BCF937-45B0-40A7-9391-DCC03420DB35}\VersionIndependentProgID
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\InprocServer32
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\InprocServer32#ThreadingModel
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\ProgID
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\Programmable
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\TypeLib
 HKCR\CLSID\{9CFA26C0-81DA-4C9D-A501-F144A4A000FA}\VersionIndependentProgID
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}#AppID
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}\LocalServer32
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}\ProgID
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}\Programmable
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}\TypeLib
 HKCR\CLSID\{E7A05400-4CFA-4DF3-A643-E40F86E8E3D7}\VersionIndependentProgID
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\InprocServer32
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\InprocServer32#ThreadingModel
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\ProgID
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\Programmable
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\TypeLib
 HKCR\CLSID\{F75521B8-76F1-4A4D-84B1-9E642E9C51D0}\VersionIndependentProgID
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\1.0
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\1.0\0
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\1.0\0\win32
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\1.0\FLAGS
 HKCR\TypeLib\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9}\1.0\HELPDIR
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\0
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\0\win32
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\FLAGS
 HKCR\TypeLib\{9CFA26C1-81DA-4C9D-A501-F144A4A000FA}\1.0\HELPDIR
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32#ThreadingModel
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance#CLSID
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag#Url
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented

3jewels

31 Posts

November 19th, 2007 15:00

I hope this is what is needed to take care of this THING!!!!!
 
I apprecaite it, can't do my home work so will someone write me a note!!!!!????????
 
thanks

3jewels

31 Posts

November 19th, 2007 15:00


 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32#ThreadingModel
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance#CLSID
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag#Url
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32#ThreadingModel
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance#CLSID
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag#Url
 C:\Program Files\Ezula\basis.dst
 C:\Program Files\Ezula\basis.kwd
 C:\Program Files\Ezula\basis.pu
 C:\Program Files\Ezula\basis.rst
 C:\Program Files\Ezula\CHCON.dll
 C:\Program Files\Ezula\genun.ez
 C:\Program Files\Ezula\Images\arrow1.gif
 C:\Program Files\Ezula\Images\arrow2.gif
 C:\Program Files\Ezula\Images\button_small.gif
 C:\Program Files\Ezula\Images\icon.gif
 C:\Program Files\Ezula\Images\Layer_Bottom.gif
 C:\Program Files\Ezula\Images\Layer_Center.gif
 C:\Program Files\Ezula\Images\Layer_Top.gif
 C:\Program Files\Ezula\Images\new.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_divider.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Left.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Off.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_On.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Right.gif
 C:\Program Files\Ezula\Images\PopUp_Top.gif
 C:\Program Files\Ezula\Images\PopUp_Top_Bottom.gif
 C:\Program Files\Ezula\Images\Side_B.gif
 C:\Program Files\Ezula\Images\Side_L.gif
 C:\Program Files\Ezula\Images\Side_R.gif
 C:\Program Files\Ezula\Images\Side_Top.gif
 C:\Program Files\Ezula\Images\spacer.gif
 C:\Program Files\Ezula\Images\Thumbs.db
 C:\Program Files\Ezula\Images
 C:\Program Files\Ezula\INSTALL.LOG
 C:\Program Files\Ezula\legend.lgn
 C:\Program Files\Ezula\mmod.exe
 C:\Program Files\Ezula\param.ez
 C:\Program Files\Ezula\rwds.rst
 C:\Program Files\Ezula\search.src
 C:\Program Files\Ezula\seng.dll
 C:\Program Files\Ezula\UNWISE.EXE
 C:\Program Files\Ezula\upgrade.vrn
 C:\Program Files\Ezula\version.vrn
 C:\Program Files\Ezula\wndbannn.src
 C:\Program Files\Ezula
 C:\Program Files\Web Offer\apev.exe
 C:\Program Files\Web Offer\basisp.dst
 C:\Program Files\Web Offer\basisp.kwd
 C:\Program Files\Web Offer\basisp.pu
 C:\Program Files\Web Offer\basisp.rst
 C:\Program Files\Web Offer\CHPON.dll
 C:\Program Files\Web Offer\eapbh.dll
 C:\Program Files\Web Offer\gendis.ez
 C:\Program Files\Web Offer\INSTALL.LOG
 C:\Program Files\Web Offer\paramp.ez
 C:\Program Files\Web Offer\rwdsp.rst
 C:\Program Files\Web Offer\sepng.dll
 C:\Program Files\Web Offer\UNWISE.EXE
 C:\Program Files\Web Offer\upgradep.vrn
 C:\Program Files\Web Offer\versionp.vrn
 C:\Program Files\Web Offer\wndbannnp.src
 C:\Program Files\Web Offer\wo.exe
 C:\Program Files\Web Offer
 C:\WINDOWS\WOINSTALL.EXE
Trojan.NewDotNet
 HKU\.DEFAULT\Software\New.net
 HKU\S-1-5-18\Software\New.net
 C:\WINDOWS\NDNUNINSTALL6_38.EXE
Malware.Ultimate Defender
 HKLM\Software\Ultimate Defender
 C:\DOCUMENTS AND SETTINGS\HCH\APPLICATION DATA\TRANT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\UCLEANER_SETUP[1].EXE
 C:\PROGRAM FILES\UCLEANER_SETUP.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC21.EXE
 C:\WINDOWS\Prefetch\TRANT.EXE-08CF80AD.pf
 C:\WINDOWS\Prefetch\UCLEANER_SETUP.EXE-0E6DB6A7.pf
Malware.Ultimate Cleaner
 HKLM\Software\Ultimate Cleaner
 C:\Program Files\Ultimate Cleaner
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\backup
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\logs
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\settings.dat
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner
Adware.Search2Find
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FIND SPYWARE REMOVER.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FREE ONLINE DATING.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\GO TO CASINO.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ED1EJU1C\S2F[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029362.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029365.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029367.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029369.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029384.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029386.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029388.LNK
Trojan.Unknown Origin
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\3269[1].EXE
 C:\PROGRAM FILES\3269.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC24.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029361.EXE
 C:\WINDOWS\Prefetch\3269.EXE-2AF1D23C.pf
Trojan.Downloader-Gen/IX
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\43ZNI455\MSC[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029363.EXE
Trojan.Downloader-FindFast/Fake
 C:\DOCUMENTS AND SETTINGS\HCH\START MENU\PROGRAMS\STARTUP\FINDFAST.EXE
Trojan.NewDotNet-Installer
 C:\PROGRAM FILES\FILESUBMIT\ALWAYS AND FOREVER\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\TIGGER AND PIGLET ON ICE WITH SNOW FALLING\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\VERY SAVER\NNEZTA388.EXE
MyQuickSearch Toolbar
 C:\PROGRAM FILES\QUICKSEARCH\QUICKSEARCHBAR1_27.DLL
InstaFinder Installer
 C:\WINDOWS\SYSTEM32\INSTAFINDER_INST.EXE
Trace.Known Threat Sources
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\e404[1].exe
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[5].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\WRQNM1E9\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\functions.js[1].php
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\Q3WRIHGN\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\KHGXAV09\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[4].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\8TQNQRSH\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\2VABI9YF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\get_lic[1].htm

bamajim

10.4K Posts

November 19th, 2007 20:00

3jewels
 
Rerun Hijackthis and post a fresh Hijackthis log.
 
And post it as a reply to this thread
 



Microsoft MVP Windows-Security



"The world is what you make of it"



3jewels

31 Posts

November 20th, 2007 02:00

SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2007 at 10:35 PM
Application Version : 3.9.1008
Core Rules Database Version : 3346
Trace Rules Database Version: 1347
Scan type       : Complete Scan
Total Scan Time : 00:41:40
Memory items scanned      : 402
Memory threats detected   : 1
Registry items scanned    : 5674
Registry threats detected : 2
File items scanned        : 45388
File threats detected     : 30
Worm.Rbot Variant
 C:\WINDOWS\SYSTEM32\SPOOLVS.EXE
 C:\WINDOWS\SYSTEM32\SPOOLVS.EXE
 [Spoolsv] C:\WINDOWS\SYSTEM32\SPOOLVS.EXE
Trojan.Downloader-Gen/CinBroom
 [Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE
 C:\WINDOWS\SYSTEM32\PRINTER.EXE
Adware.Tracking Cookie
 C:\Documents and Settings\HCH\Cookies\hch@msnportal.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@apmebf[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@heavycom.122.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@mediaplex[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@atdmt[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@84819100[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@ads.pointroll[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@ads.as4x.tmcs[1].txt
Trojan.Downloader-FindFast/Fake
 C:\DOCUMENTS AND SETTINGS\HCH\START MENU\PROGRAMS\STARTUP\FINDFAST.EXE
Trojan.Downloader-Gen/AVP
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029390.EXE
Trojan.Downloader-NoName
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029392.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029393.EXE
Adware.eZula
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029396.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029410.EXE
Web Offer Module
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029403.EXE
Trojan.NewDotNet
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029411.EXE
Malware.Ultimate Defender
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029412.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029413.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029414.EXE
Adware.Search2Find
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029415.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029416.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029417.LNK
Trojan.Unknown Origin
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029418.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029419.EXE
Trojan.NewDotNet-Installer
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029421.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029422.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029423.EXE
MyQuickSearch Toolbar
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP303\A0029424.DLL

bamajim

10.4K Posts

November 20th, 2007 13:00


3jewels

What I requested was a fresh Hijackthis log, what you posted was a Super Anti Spyware log.

Please post the fresh Hijackthis log







Microsoft MVP Windows-Security



"The world is what you make of it"





3jewels

31 Posts

November 23rd, 2007 00:00


 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32#ThreadingModel
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance#CLSID
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag#Url
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32#ThreadingModel
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance#CLSID
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag#Url
 C:\Program Files\Ezula\basis.dst
 C:\Program Files\Ezula\basis.kwd
 C:\Program Files\Ezula\basis.pu
 C:\Program Files\Ezula\basis.rst
 C:\Program Files\Ezula\CHCON.dll
 C:\Program Files\Ezula\genun.ez
 C:\Program Files\Ezula\Images\arrow1.gif
 C:\Program Files\Ezula\Images\arrow2.gif
 C:\Program Files\Ezula\Images\button_small.gif
 C:\Program Files\Ezula\Images\icon.gif
 C:\Program Files\Ezula\Images\Layer_Bottom.gif
 C:\Program Files\Ezula\Images\Layer_Center.gif
 C:\Program Files\Ezula\Images\Layer_Top.gif
 C:\Program Files\Ezula\Images\new.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_divider.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Left.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Off.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_On.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Right.gif
 C:\Program Files\Ezula\Images\PopUp_Top.gif
 C:\Program Files\Ezula\Images\PopUp_Top_Bottom.gif
 C:\Program Files\Ezula\Images\Side_B.gif
 C:\Program Files\Ezula\Images\Side_L.gif
 C:\Program Files\Ezula\Images\Side_R.gif
 C:\Program Files\Ezula\Images\Side_Top.gif
 C:\Program Files\Ezula\Images\spacer.gif
 C:\Program Files\Ezula\Images\Thumbs.db
 C:\Program Files\Ezula\Images
 C:\Program Files\Ezula\INSTALL.LOG
 C:\Program Files\Ezula\legend.lgn
 C:\Program Files\Ezula\mmod.exe
 C:\Program Files\Ezula\param.ez
 C:\Program Files\Ezula\rwds.rst
 C:\Program Files\Ezula\search.src
 C:\Program Files\Ezula\seng.dll
 C:\Program Files\Ezula\UNWISE.EXE
 C:\Program Files\Ezula\upgrade.vrn
 C:\Program Files\Ezula\version.vrn
 C:\Program Files\Ezula\wndbannn.src
 C:\Program Files\Ezula
 C:\Program Files\Web Offer\apev.exe
 C:\Program Files\Web Offer\basisp.dst
 C:\Program Files\Web Offer\basisp.kwd
 C:\Program Files\Web Offer\basisp.pu
 C:\Program Files\Web Offer\basisp.rst
 C:\Program Files\Web Offer\CHPON.dll
 C:\Program Files\Web Offer\eapbh.dll
 C:\Program Files\Web Offer\gendis.ez
 C:\Program Files\Web Offer\INSTALL.LOG
 C:\Program Files\Web Offer\paramp.ez
 C:\Program Files\Web Offer\rwdsp.rst
 C:\Program Files\Web Offer\sepng.dll
 C:\Program Files\Web Offer\UNWISE.EXE
 C:\Program Files\Web Offer\upgradep.vrn
 C:\Program Files\Web Offer\versionp.vrn
 C:\Program Files\Web Offer\wndbannnp.src
 C:\Program Files\Web Offer\wo.exe
 C:\Program Files\Web Offer
 C:\WINDOWS\WOINSTALL.EXE
Trojan.NewDotNet
 HKU\.DEFAULT\Software\New.net
 HKU\S-1-5-18\Software\New.net
 C:\WINDOWS\NDNUNINSTALL6_38.EXE
Malware.Ultimate Defender
 HKLM\Software\Ultimate Defender
 C:\DOCUMENTS AND SETTINGS\HCH\APPLICATION DATA\TRANT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\UCLEANER_SETUP[1].EXE
 C:\PROGRAM FILES\UCLEANER_SETUP.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC21.EXE
 C:\WINDOWS\Prefetch\TRANT.EXE-08CF80AD.pf
 C:\WINDOWS\Prefetch\UCLEANER_SETUP.EXE-0E6DB6A7.pf
Malware.Ultimate Cleaner
 HKLM\Software\Ultimate Cleaner
 C:\Program Files\Ultimate Cleaner
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\backup
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\logs
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\settings.dat
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner
Adware.Search2Find
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FIND SPYWARE REMOVER.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FREE ONLINE DATING.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\GO TO CASINO.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ED1EJU1C\S2F[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029362.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029365.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029367.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029369.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029384.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029386.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029388.LNK
Trojan.Unknown Origin
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\3269[1].EXE
 C:\PROGRAM FILES\3269.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC24.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029361.EXE
 C:\WINDOWS\Prefetch\3269.EXE-2AF1D23C.pf
Trojan.Downloader-Gen/IX
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\43ZNI455\MSC[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029363.EXE
Trojan.Downloader-FindFast/Fake
 C:\DOCUMENTS AND SETTINGS\HCH\START MENU\PROGRAMS\STARTUP\FINDFAST.EXE
Trojan.NewDotNet-Installer
 C:\PROGRAM FILES\FILESUBMIT\ALWAYS AND FOREVER\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\TIGGER AND PIGLET ON ICE WITH SNOW FALLING\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\VERY SAVER\NNEZTA388.EXE
MyQuickSearch Toolbar
 C:\PROGRAM FILES\QUICKSEARCH\QUICKSEARCHBAR1_27.DLL
InstaFinder Installer
 C:\WINDOWS\SYSTEM32\INSTAFINDER_INST.EXE
Trace.Known Threat Sources
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\e404[1].exe
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[5].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\WRQNM1E9\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\functions.js[1].php
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\Q3WRIHGN\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\KHGXAV09\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[4].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\8TQNQRSH\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\2VABI9YF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\get_lic[1].htm
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 11/19/2007 at 08:42 AM
Application Version : 3.9.1008
Core Rules Database Version : 3346
Trace Rules Database Version: 1347
Scan type       : Complete Scan
Total Scan Time : 00:44:48
Memory items scanned      : 453
Memory threats detected   : 12
Registry items scanned    : 5700
Registry threats detected : 395
File items scanned        : 45177
File threats detected     : 195
Trojan.Downloader-XLIB
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
Trojan.Downloader-Gen/MobRules
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL
Trojan.Downloader-Gen/AVP
 C:\WINDOWS\AVP.EXE
 C:\WINDOWS\AVP.EXE
 [avp] C:\WINDOWS\AVP.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029350.EXE
 C:\WINDOWS\Prefetch\AVP.EXE-023E55A4.pf
Trojan.Downloader-MGRS
 C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\MGRS.EXE
 [smgr] C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\Prefetch\MGRS.EXE-2F0B7DD9.pf
Trojan.Downloader-NoName
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\6432.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\LOOKMON.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONSYS.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SERVER16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SVAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYN32.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYS16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\WINSYN.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZQQBBUH0\HLPSRV[1].EXE
 C:\PROGRAM FILES\HLPSRV.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC23.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029360.EXE
 C:\WINDOWS\Prefetch\16SERVER.EXE-1FB3AB28.pf
 C:\WINDOWS\Prefetch\6432.EXE-34CCC361.pf
 C:\WINDOWS\Prefetch\HLPSRV.EXE-2A21BA7B.pf
 C:\WINDOWS\Prefetch\MONSYS.EXE-3730A5D6.pf
 C:\WINDOWS\Prefetch\SERVER16.EXE-27ABD9C8.pf
Trojan.Downloader-Gen/CinBroom
 [Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE
 C:\WINDOWS\SYSTEM32\PRINTER.EXE
Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#t
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
Adware.EZula/TopText
 HKLM\Software\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\ProgID
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\VersionIndependentProgID
 C:\PROGRA~1\EZULA\EABH.DLL
Adware.E404 Helper/Hij
 HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
 C:\PROGRAM FILES\E404 HELPER\E404.V5.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\E404.e404mgr
 HKCR\E404.e404mgr\CLSID
 HKCR\E404.e404mgr\CurVer
 HKCR\E404.e404mgr.1
 HKCR\E404.e404mgr.1\CLSID
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
 C:\Program Files\E404 Helper
Adware.Tracking Cookie
 C:\Documents and Settings\HCH\Cookies\hch@server.iad.liveperson[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@hypertracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@msnportal.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@cgi-bin[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@bizrate[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@findwhat[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67809844[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@revsci[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@networksolutions.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adecn[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@sourceinterlink.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adserver[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@atdmt[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@enhance[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@ad.yieldmanager[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@media.adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@advancedcleaner[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@system[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@overture[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@web4.realtracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[3].txt
 C:\Documents and Settings\HCH\Cookies\hch@tribalfusion[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@specificclick[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@statcounter[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@realmedia[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@heavycom.122.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@tracker[1].txt
 

3jewels

31 Posts

November 23rd, 2007 00:00


 
Adware.Ezula
 C:\WINDOWS\eZinstall.exe
 HKCR\EZulaAgent.eZulaCtrlHost
 HKCR\EZulaAgent.eZulaCtrlHost\CLSID
 HKCR\EZulaAgent.eZulaCtrlHost\CurVer
 HKCR\EZulaAgent.eZulaCtrlHost.1
 HKCR\EZulaAgent.eZulaCtrlHost.1\CLSID
 HKCR\eZulaAgent.IEObject
 HKCR\eZulaAgent.IEObject\CLSID
 HKCR\eZulaAgent.IEObject\CurVer
 HKCR\eZulaAgent.IEObject.1
 HKCR\eZulaAgent.IEObject.1\CLSID
 HKCR\EZulaAgent.PlugProt
 HKCR\EZulaAgent.PlugProt\CLSID
 HKCR\EZulaAgent.PlugProt\CurVer
 HKCR\EZulaAgent.PlugProt.1
 HKCR\EZulaAgent.PlugProt.1\CLSID
 HKCR\eZulaAgent.ToolBarBand
 HKCR\eZulaAgent.ToolBarBand\CLSID
 HKCR\eZulaAgent.ToolBarBand.1
 HKCR\eZulaAgent.ToolBarBand.1\CLSID
 HKCR\EZulaBootExe.InstallCtrl
 HKCR\EZulaBootExe.InstallCtrl\CLSID
 HKCR\EZulaBootExe.InstallCtrl\CurVer
 HKCR\EZulaBootExe.InstallCtrl.1
 HKCR\EZulaBootExe.InstallCtrl.1\CLSID
 HKCR\EZulaFSearchEng.eZulaCode
 HKCR\EZulaFSearchEng.eZulaCode\CLSID
 HKCR\EZulaFSearchEng.eZulaCode\CurVer
 HKCR\EZulaFSearchEng.eZulaCode.1
 HKCR\EZulaFSearchEng.eZulaCode.1\CLSID
 HKCR\EZulaFSearchEng.eZulaHash
 HKCR\EZulaFSearchEng.eZulaHash\CLSID
 HKCR\EZulaFSearchEng.eZulaHash\CurVer
 HKCR\EZulaFSearchEng.eZulaHash.1
 HKCR\EZulaFSearchEng.eZulaHash.1\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch
 HKCR\EZulaFSearchEng.eZulaSearch\CLSID
 HKCR\EZulaFSearchEng.eZulaSearch\CurVer
 HKCR\EZulaFSearchEng.eZulaSearch.1
 HKCR\EZulaFSearchEng.eZulaSearch.1\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay
 HKCR\EZulaFSearchEng.PopupDisplay\CLSID
 HKCR\EZulaFSearchEng.PopupDisplay\CurVer
 HKCR\EZulaFSearchEng.PopupDisplay.1
 HKCR\EZulaFSearchEng.PopupDisplay.1\CLSID
 HKCR\EZulaFSearchEng.ResultHelper
 HKCR\EZulaFSearchEng.ResultHelper\CLSID
 HKCR\EZulaFSearchEng.ResultHelper\CurVer
 HKCR\EZulaFSearchEng.ResultHelper.1
 HKCR\EZulaFSearchEng.ResultHelper.1\CLSID
 HKCR\EZulaFSearchEng.SearchHelper
 HKCR\EZulaFSearchEng.SearchHelper\CLSID
 HKCR\EZulaFSearchEng.SearchHelper\CurVer
 HKCR\EZulaFSearchEng.SearchHelper.1
 HKCR\EZulaFSearchEng.SearchHelper.1\CLSID
 HKCR\EZulaMain.eZulaSearchPipe
 HKCR\EZulaMain.eZulaSearchPipe\CLSID
 HKCR\EZulaMain.eZulaSearchPipe\CurVer
 HKCR\EZulaMain.eZulaSearchPipe.1
 HKCR\EZulaMain.eZulaSearchPipe.1\CLSID
 HKCR\EZulaMain.TrayIConM
 HKCR\EZulaMain.TrayIConM\CLSID
 HKCR\EZulaMain.TrayIConM\CurVer
 HKCR\EZulaMain.TrayIConM.1
 HKCR\EZulaMain.TrayIConM.1\CLSID
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\InprocServer32
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\InprocServer32#ThreadingModel
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\ProgID
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\Programmable
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\TypeLib
 HKCR\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{2306ABE4-4D42-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}#AppID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\LocalServer32
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\ProgID
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\Programmable
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\TypeLib
 HKCR\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}#AppID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\LocalServer32
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\ProgID
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\Programmable
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\TypeLib
 HKCR\CLSID\{B1DD8A69-1B96-11D4-B175-0050DAB79376}\VersionIndependentProgID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}#AppID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\LocalServer32
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{C03351A4-6755-11D4-8A73-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\InprocServer32
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\InprocServer32#ThreadingModel
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\ProgID
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\Programmable
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\VersionIndependentProgID
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\InprocServer32
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\InprocServer32#ThreadingModel
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\ProgID
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\Programmable
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\TypeLib
 HKCR\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57}\VersionIndependentProgID
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{07F0A536-47BA-11D4-8A6D-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{083FA8F4-84F4-11D4-8A77-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{58359011-BF36-11D3-99A2-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\0
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\0\win32
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\FLAGS
 HKCR\TypeLib\{8A044396-5DA2-11D4-B185-0050DAB79376}\1.0\HELPDIR
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\0
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\0\win32
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\FLAGS
 HKCR\TypeLib\{C0335197-6755-11D4-8A73-0050DA2EE1BE}\1.0\HELPDIR
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{07F0A542-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{07F0A544-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\ProxyStubClsid
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\ProxyStubClsid32
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\TypeLib
 HKCR\Interface\{1823BC4B-A253-4767-9CFC-9ACA62A6B136}\TypeLib#Version
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\TypeLib
 HKCR\Interface\{19DFB2CA-9B27-11D4-B192-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{27BC6871-4D5A-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{3D7247F1-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\ProxyStubClsid
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\ProxyStubClsid32
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\TypeLib
 HKCR\Interface\{4FD8645F-9B3E-46C1-9727-9837842A84AB}\TypeLib#Version
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{58359012-BF36-11D3-99A2-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\TypeLib
 HKCR\Interface\{7EDC96E1-5DD3-11D4-B185-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\TypeLib
 HKCR\Interface\{8A0443A2-5DA2-11D4-B185-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{8EBB1743-9A2F-11D4-8A7E-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{C03351A3-6755-11D4-8A73-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\ProxyStubClsid32
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib
 HKCR\Interface\{C4FEE4A6-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib#Version
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\TypeLib
 HKCR\Interface\{EF0372DC-F552-11D3-8528-0050DAB79376}\TypeLib#Version
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\ProxyStubClsid
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\ProxyStubClsid32
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\TypeLib
 HKCR\Interface\{EF0372DE-F552-11D3-8528-0050DAB79376}\TypeLib#Version
  

3jewels

31 Posts

November 23rd, 2007 00:00


 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\InprocServer32#ThreadingModel
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance#CLSID
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag
 HKCR\CLSID\{50B4D2B3-723F-41B3-AEC4-0BD66F0F45FF}\Instance\InitPropertyBag#Url
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\InprocServer32#ThreadingModel
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance#CLSID
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag
 HKCR\CLSID\{A166C1B0-5CDB-447A-894A-4B9FD7149D51}\Instance\InitPropertyBag#Url
 C:\Program Files\Ezula\basis.dst
 C:\Program Files\Ezula\basis.kwd
 C:\Program Files\Ezula\basis.pu
 C:\Program Files\Ezula\basis.rst
 C:\Program Files\Ezula\CHCON.dll
 C:\Program Files\Ezula\genun.ez
 C:\Program Files\Ezula\Images\arrow1.gif
 C:\Program Files\Ezula\Images\arrow2.gif
 C:\Program Files\Ezula\Images\button_small.gif
 C:\Program Files\Ezula\Images\icon.gif
 C:\Program Files\Ezula\Images\Layer_Bottom.gif
 C:\Program Files\Ezula\Images\Layer_Center.gif
 C:\Program Files\Ezula\Images\Layer_Top.gif
 C:\Program Files\Ezula\Images\new.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_divider.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Left.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Off.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_On.gif
 C:\Program Files\Ezula\Images\PopUp_Follow_Right.gif
 C:\Program Files\Ezula\Images\PopUp_Top.gif
 C:\Program Files\Ezula\Images\PopUp_Top_Bottom.gif
 C:\Program Files\Ezula\Images\Side_B.gif
 C:\Program Files\Ezula\Images\Side_L.gif
 C:\Program Files\Ezula\Images\Side_R.gif
 C:\Program Files\Ezula\Images\Side_Top.gif
 C:\Program Files\Ezula\Images\spacer.gif
 C:\Program Files\Ezula\Images\Thumbs.db
 C:\Program Files\Ezula\Images
 C:\Program Files\Ezula\INSTALL.LOG
 C:\Program Files\Ezula\legend.lgn
 C:\Program Files\Ezula\mmod.exe
 C:\Program Files\Ezula\param.ez
 C:\Program Files\Ezula\rwds.rst
 C:\Program Files\Ezula\search.src
 C:\Program Files\Ezula\seng.dll
 C:\Program Files\Ezula\UNWISE.EXE
 C:\Program Files\Ezula\upgrade.vrn
 C:\Program Files\Ezula\version.vrn
 C:\Program Files\Ezula\wndbannn.src
 C:\Program Files\Ezula
 C:\Program Files\Web Offer\apev.exe
 C:\Program Files\Web Offer\basisp.dst
 C:\Program Files\Web Offer\basisp.kwd
 C:\Program Files\Web Offer\basisp.pu
 C:\Program Files\Web Offer\basisp.rst
 C:\Program Files\Web Offer\CHPON.dll
 C:\Program Files\Web Offer\eapbh.dll
 C:\Program Files\Web Offer\gendis.ez
 C:\Program Files\Web Offer\INSTALL.LOG
 C:\Program Files\Web Offer\paramp.ez
 C:\Program Files\Web Offer\rwdsp.rst
 C:\Program Files\Web Offer\sepng.dll
 C:\Program Files\Web Offer\UNWISE.EXE
 C:\Program Files\Web Offer\upgradep.vrn
 C:\Program Files\Web Offer\versionp.vrn
 C:\Program Files\Web Offer\wndbannnp.src
 C:\Program Files\Web Offer\wo.exe
 C:\Program Files\Web Offer
 C:\WINDOWS\WOINSTALL.EXE

Trojan.NewDotNet
 HKU\.DEFAULT\Software\New.net
 HKU\S-1-5-18\Software\New.net
 C:\WINDOWS\NDNUNINSTALL6_38.EXE

Malware.Ultimate Defender
 HKLM\Software\Ultimate Defender
 C:\DOCUMENTS AND SETTINGS\HCH\APPLICATION DATA\TRANT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\UCLEANER_SETUP[1].EXE
 C:\PROGRAM FILES\UCLEANER_SETUP.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC21.EXE
 C:\WINDOWS\Prefetch\TRANT.EXE-08CF80AD.pf
 C:\WINDOWS\Prefetch\UCLEANER_SETUP.EXE-0E6DB6A7.pf

Malware.Ultimate Cleaner
 HKLM\Software\Ultimate Cleaner
 C:\Program Files\Ultimate Cleaner
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\backup
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\logs
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner\settings.dat
 C:\Documents and Settings\HCH\Application Data\Ultimate Cleaner

Adware.Search2Find
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FIND SPYWARE REMOVER.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\FREE ONLINE DATING.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\DESKTOP\GO TO CASINO.LNK
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ED1EJU1C\S2F[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029362.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029365.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029367.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029369.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029384.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029386.LNK
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029388.LNK

Trojan.Unknown Origin
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\2LOFIXY5\3269[1].EXE
 C:\PROGRAM FILES\3269.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC24.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029361.EXE
 C:\WINDOWS\Prefetch\3269.EXE-2AF1D23C.pf

Trojan.Downloader-Gen/IX
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\43ZNI455\MSC[1].EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029363.EXE

Trojan.Downloader-FindFast/Fake
 C:\DOCUMENTS AND SETTINGS\HCH\START MENU\PROGRAMS\STARTUP\FINDFAST.EXE

Trojan.NewDotNet-Installer
 C:\PROGRAM FILES\FILESUBMIT\ALWAYS AND FOREVER\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\TIGGER AND PIGLET ON ICE WITH SNOW FALLING\NNEZTA388.EXE
 C:\PROGRAM FILES\FILESUBMIT\VERY SAVER\NNEZTA388.EXE

MyQuickSearch Toolbar
 C:\PROGRAM FILES\QUICKSEARCH\QUICKSEARCHBAR1_27.DLL

InstaFinder Installer
 C:\WINDOWS\SYSTEM32\INSTAFINDER_INST.EXE

Trace.Known Threat Sources
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\e404[1].exe
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[5].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\WRQNM1E9\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\functions.js[1].php
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ZQQBBUH0\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\Q3WRIHGN\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\KHGXAV09\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\7JY5TPLA\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[4].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\VFDRJHK4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\ED1EJU1C\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[3].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0B972UJ9\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\8TQNQRSH\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\43ZNI455\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\R6N771J4\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\2VABI9YF\[1].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\0DWNGJGF\[2].htm
 C:\Documents and Settings\HCH\Local Settings\Temporary Internet Files\Content.IE5\AX3OP8FQ\get_lic[1].htm
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/19/2007 at 08:42 AM

Application Version : 3.9.1008

Core Rules Database Version : 3346
Trace Rules Database Version: 1347

Scan type       : Complete Scan
Total Scan Time : 00:44:48

Memory items scanned      : 453
Memory threats detected   : 12
Registry items scanned    : 5700
Registry threats detected : 395
File items scanned        : 45177
File threats detected     : 195

Trojan.Downloader-XLIB
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL
 C:\WINDOWS\SYSTEM32\XLIBGFL254.DLL

Trojan.Downloader-Gen/MobRules
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\PROGRAM FILES\MGADOZSV\FZMSSDOA.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\PYRINKBM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\LWDAPYJU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\BUXYZKVM.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL
 C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\TSJUXYDU.DLL

Trojan.Downloader-Gen/AVP
 C:\WINDOWS\AVP.EXE
 C:\WINDOWS\AVP.EXE
 [avp] C:\WINDOWS\AVP.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029350.EXE
 C:\WINDOWS\Prefetch\AVP.EXE-023E55A4.pf

Trojan.Downloader-MGRS
 C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\MGRS.EXE
 [smgr] C:\WINDOWS\MGRS.EXE
 C:\WINDOWS\Prefetch\MGRS.EXE-2F0B7DD9.pf

Trojan.Downloader-NoName
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\6432.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\SERVER16.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\MONSYS.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUME~1\HCH\LOCALS~1\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\16SERVER.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\6432.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\LOOKMON.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\MONSYS.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SERVER16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SVAGENT.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYN32.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\SYS16.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMP\WINSYN.EXE
 C:\DOCUMENTS AND SETTINGS\HCH\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\ZQQBBUH0\HLPSRV[1].EXE
 C:\PROGRAM FILES\HLPSRV.EXE
 C:\RECYCLER\S-1-5-21-1757134264-4201092952-2540798924-1011\DC23.EXE
 C:\SYSTEM VOLUME INFORMATION\_RESTORE{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP301\A0029360.EXE
 C:\WINDOWS\Prefetch\16SERVER.EXE-1FB3AB28.pf
 C:\WINDOWS\Prefetch\6432.EXE-34CCC361.pf
 C:\WINDOWS\Prefetch\HLPSRV.EXE-2A21BA7B.pf
 C:\WINDOWS\Prefetch\MONSYS.EXE-3730A5D6.pf
 C:\WINDOWS\Prefetch\SERVER16.EXE-27ABD9C8.pf

Trojan.Downloader-Gen/CinBroom
 [Printer] C:\WINDOWS\SYSTEM32\PRINTER.EXE
 C:\WINDOWS\SYSTEM32\PRINTER.EXE

Unclassified.Unknown Origin
 HKLM\Software\Classes\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#ThreadingModel
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}\InprocServer32#t
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}
 HKCR\CLSID\{2F02D978-0FF6-80F7-60BB-0426224AB7B3}

Adware.EZula/TopText
 HKLM\Software\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\ProgID
 HKCR\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\VersionIndependentProgID
 C:\PROGRA~1\EZULA\EABH.DLL

Adware.E404 Helper/Hij
 HKLM\Software\Classes\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\InprocServer32#ThreadingModel
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\ProgID
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\Programmable
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\TypeLib
 HKCR\CLSID\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}\VersionIndependentProgID
 C:\PROGRAM FILES\E404 HELPER\E404.V5.DLL
 HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F10587E9-0E47-4CBE-84AE-7DD20B8684BB}
 HKCR\E404.e404mgr
 HKCR\E404.e404mgr\CLSID
 HKCR\E404.e404mgr\CurVer
 HKCR\E404.e404mgr.1
 HKCR\E404.e404mgr.1\CLSID
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\0\win32
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\FLAGS
 HKCR\TypeLib\{E63648F7-3933-440E-B4F6-A8584DD7B7EB}\1.0\HELPDIR
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\ProxyStubClsid32
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib
 HKCR\Interface\{F7D09218-46D7-4D3D-9B7F-315204CD0836}\TypeLib#Version
 C:\Program Files\E404 Helper

Adware.Tracking Cookie
 C:\Documents and Settings\HCH\Cookies\hch@server.iad.liveperson[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@hypertracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@msnportal.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@cgi-bin[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@bizrate[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@findwhat[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67809844[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@revsci[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@networksolutions.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adecn[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@sourceinterlink.112.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@adserver[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@atdmt[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@enhance[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@ad.yieldmanager[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@media.adrevolver[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@advancedcleaner[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@system[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@overture[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@web4.realtracker[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[3].txt
 C:\Documents and Settings\HCH\Cookies\hch@tribalfusion[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@specificclick[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@statcounter[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@realmedia[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@67.15.239[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@heavycom.122.2o7[1].txt
 C:\Documents and Settings\HCH\Cookies\hch@klik.klikadvertising[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@pro-market[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@toseeka[2].txt
 C:\Documents and Settings\HCH\Cookies\hch@tracker[1].txt

bamajim

10.4K Posts

November 23rd, 2007 12:00


3jewles

Once again you have post the wrong log.

The log I want to see is like the very first log you posted. The Hijackthis log







Microsoft MVP Windows-Security



"The world is what you make of it"





3jewels

31 Posts

November 23rd, 2007 14:00

Sorry, I wasn't paying attention!!! See if this works!Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:07:03 AM, on 11/23/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Julia\LOCALS~1\Temp\2006430115514_mcinfo.exe /insfin
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [pyrinkbm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pyrinkbm.dll"
O4 - HKLM\..\Run: [lwdapyju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lwdapyju.dll"
O4 - HKLM\..\Run: [buxyzkvm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\buxyzkvm.dll"
O4 - HKLM\..\Run: [tsjuxydu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tsjuxydu.dll"
O4 - HKLM\..\Run: [gfwtsjez] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gfwtsjez.dll"
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 8475 bytes

bamajim

10.4K Posts

November 25th, 2007 14:00


3jewels

It will take a couple of runs at this to remove all of it so please be patient

1. Please download the Killbox.
  • 1)Save it to the desktop
    2) Rt Click->>Extract all->.Extract it to your Desktop
    3) Double Click Killbox.exe to run it
    4)Select " Delete on Reboot", and then select "All files".
    5) Copy the file names below to the clipboard by highlighting them and pressing Control-C:

    • C:\Documents and Settings\All Users\Application Data\gfwtsjez.dll
      C:\Documents and Settings\All Users\Application Data\tsjuxydu.dll
      C:\Documents and Settings\All Users\Application Data\buxyzkvm.dll
      C:\Documents and Settings\All Users\Application Data\lwdapyju.dll
      C:\Documents and Settings\All Users\Application Data\pyrinkbm.dll


    6) Return to Killbox, go to the File menu, and choose " Paste from Clipboard".
    7) Click the red-and-white " Delete File" button.  Click " Yes" at the Delete on Reboot prompt.








2. Rerun Hijackthis (scan only) and place checks beside the following entries
  • O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O4 - HKLM\..\Run: [pyrinkbm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\pyrinkbm.dll"
    O4 - HKLM\..\Run: [lwdapyju] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\lwdapyju.dll"
    O4 - HKLM\..\Run: [buxyzkvm] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\buxyzkvm.dll"
    O4 - HKLM\..\Run: [tsjuxydu] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\tsjuxydu.dll"
    O4 - HKLM\..\Run: [gfwtsjez] regsvr32 /u "C:\Documents and Settings\All Users\Application Data\gfwtsjez.dll"

Close all other open windows except Hijackthis and Select " Fix checked"

Close Hijackthis ->> Reboot your PC ->> Rerun Hijackthis and post a fresh Hijackthis log















Microsoft MVP Windows-Security



"The world is what you make of it"





3jewels

31 Posts

November 27th, 2007 19:00


Scan saved at 3:48:22 PM, on 11/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\shell.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe
C:\WINDOWS\system32\basfipm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/sbcydsl/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/sbcydsl/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\shell.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\Julia\LOCALS~1\Temp\2006430115514_mcinfo.exe /insfin
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [Printer] C:\WINDOWS\system32\printer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Spoolsv] C:\WINDOWS\system32\spoolvs.exe
O4 - Startup: .protected
O4 - Startup: findfast.exe
O4 - Global Startup: .protected
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: autorun.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei/PopularScreenSaversFWBInitialSetup1.0.0.15-3.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-17.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.mail.live.com/mail/w1/resources/MSNPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DC187740-46A9-11D5-A815-00B0D0428C0C} - http://ds1.downloadtech.net/cn1060/pcpowerscan.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\hpzipm12.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\SYSTEM32\YPCSER~1.EXE
--
End of file - 7899 bytes

Was this post helpful?

View All

No Events found!

Top