Spyware has frozen my Desktop - please help! (RESOLVED)

  1. #1
    Mumrah is offline Newbie

    Hi there. I was innocently checking my e-mail two days ago when a download masquerading as a poker installation popped up, imbedded itself despite my telling it to cancel, and has subsequently infected my PC. My desktop is now bright red with a flashing warning message in the centre saying:

    Danger: SPYWARE

    with a list of apparent problems found on computer and links to 'RazeSpyware'. I cannot right-click on the desktop any more and I am concerned that the perpetrator can access my private information, use my bandwidth etc. Start-up has been slower since, though I have not had any other symptoms.

    I found your site whilst looking to solve the problem and have followed the advice on your forum stickies. After updating AdAware SE, the program found an alarming number of dangerous files on my system (nearly 300) which I instructed it to delete; I also downloaded and updated SpyBot and ran a check. Neither of these searches has solved the problem, and I am therefore posting my HijackThis Log for your kind attention. See below:

    Logfile of HijackThis v1.99.1
    Scan saved at 03:35:56, on 08/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.kcl.ac.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali Internet Access
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132857459343
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F4488C1-83CA-41A8-98CA-BC33F8B314E3}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3934C9E-4007-489D-893B-240142C026C1}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F191A174-C303-4CA5-8479-09B82C4B666D}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    Thank you !

  2. #2
    VopThis is offline Senior Member (Canada)
    Read over the following directions. Ask if anything appears unclear to you.


    Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
    http://www.thatcomputerguy.us/downloads/clean.bat



    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.


    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    O4 - HKLM\..\Run: [SEARCHUPGRADER] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe

    O17 - HKLM\System\CCS\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F4488C1-83CA-41A8-98CA-BC33F8B314E3}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D3934C9E-4007-489D-893B-240142C026C1}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F191A174-C303-4CA5-8479-09B82C4B666D}: NameServer = 85.255.114.50,85.255.112.20
    O17 - HKLM\System\CS1\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter

    For additional, more thorough cleaning and for multi-profile user configurations:
    (*) Run Clean.bat to clean up your TEMPorary files.

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    (none specified/as needed)



    DELETE APPLICATION FOLDERS
    1. Go to Add/Remove Programs: in Control Panel>Add/Remove Programs, look for any related entries for unwanted items listed below (or anything else you need to investigate or did not put in there).

    2. UNINSTALLER Alternate SEARCH: Otherwise, advisable to locate and try right-clicking on any of the given SEARCH FOLDER items below and further search (tick include subdirectories) for the following exact text:

      UN*.EXE, *UN*.EXE

      This may reveal an uninstaller with label terms such as '...uninstall...EXE', ‘unins000’, or 'unwise.EXE'. Double-click that EXE, if one is found. Thereafter, check to ensure that the folder is completely gone. Otherwise, consider deleting the folder in question.

    -----> C:\Program Files\Common files\SearchUpgrader




    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.

  3. #3
    Mumrah is offline Newbie
    Hello again. Thank you for your help.

    The spyware is still very much here ..

    I removed the Program EmpirePoker, which I recall now was the original pop-up download, as well as several other rarely used or suspicious programs. I also removed the SearchUpgrader folder and performed all the other actions in Safe Mode which you suggested.

    No new symptoms, except that turning my PC off is much slower now. Had quite a scare just now when the PC wouldn't start and just froze on the first screen of white text whilst checking the RAM. I had to press F8, then cancel, to get to Windows.

    Let me know if anything else in the new log sounds dodgy, or if there is anything else I can try:

    Logfile of HijackThis v1.99.1
    Scan saved at 13:08:04, on 08/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\SpeedTouch USB\Dragdiag.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\AVPersonal\AVGNT.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://webmail.kcl.ac.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
    O1 - Hosts: localhost 127.0.0.1
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132857459343
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    Last edited by Mumrah; 08-02-2006 at 01:09 PM.
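
Added example, not part of any post in this thread and not HijackThis's own code: a Python check that parses HijackThis entry lines, confirms whether the items selected under "SELECT HijackThis FIX ITEMS" are still present in the revised log, and lists the O17 NameServer values per interface. The function names (`parse_log`, `still_present`, `removed`, `nameservers`) are hypothetical, and the sample data are excerpts copied from the posts above.

```python
import re

# Excerpts copied from the two logs and the fix list posted in this thread
# (not the full logs).
LOG_BEFORE = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
"""

LOG_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.meshcomputers.com
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
"""

# The helper's fix list spells the Run value name in upper case, unlike the log.
FIX_LIST = r"""
O4 - HKLM\..\Run: [SEARCHUPGRADER] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
O17 - HKLM\System\CS1\Services\Tcpip\..\{1BBC0F5D-8C00-483C-BE20-DE92FD14DF77}: NameServer = 85.255.114.50,85.255.112.20
"""

# An entry line is "<section> - <detail>", e.g. "O4 - HKLM\..\Run: [...] ...".
# Header lines and the "Running processes" paths do not match this shape.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# O17 detail: control set, interface GUID, comma-separated DNS servers.
O17_RE = re.compile(
    r"\\(CCS|CS\d+)\\Services\\Tcpip\\\.\.\\(\{[0-9A-Fa-f-]{36}\}): NameServer = (.+)$"
)


def parse_log(text):
    """Return [(section, detail)] for every HijackThis entry line in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def _key(entry):
    """Comparison key: registry names and Windows paths are case-insensitive."""
    section, detail = entry
    return section, " ".join(detail.split()).casefold()


def still_present(fix_list, log):
    """Entries from the fix list that the given log still contains."""
    present = {_key(e) for e in parse_log(log)}
    return [e for e in parse_log(fix_list) if _key(e) in present]


def removed(before, after):
    """Entries in the earlier log that are absent from the later one."""
    after_keys = {_key(e) for e in parse_log(after)}
    return [e for e in parse_log(before) if _key(e) not in after_keys]


def nameservers(log):
    """Map (control set, interface GUID) -> DNS server list from O17 lines."""
    result = {}
    for section, detail in parse_log(log):
        if section != "O17":
            continue
        m = O17_RE.search(detail)
        if m:
            servers = [ip.strip() for ip in m.group(3).split(",")]
            result[(m.group(1), m.group(2).upper())] = servers
    return result


if __name__ == "__main__":
    print("fix items still in revised log:", still_present(FIX_LIST, LOG_AFTER))
    for section, detail in removed(LOG_BEFORE, LOG_AFTER):
        print("gone:", section, detail)
    print("O17 before:", nameservers(LOG_BEFORE))
    print("O17 after: ", nameservers(LOG_AFTER))
```

The comparison is on entry text, so a long path and its 8.3 short form count as different entries, as happens with the SDHelper.dll line in the two logs above.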

  4. #4
    VopThis is offline Senior Member (Canada)
    Clean.bat is a BATCH file - simply double-click on the file icon and allow it to run. Answer 'yes' to any of the prompts.


    You may want to print out these instructions for reference (or save a copy to your desktop), since you will have to restart your computer during the fix.





    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


    REBOOT.





    Please download FixWareout from one of these sites:
    http://forums.subratam.org/index.php...=post&id=43811
    http://swandog46.geekstogo.com/Fixwareout.exe

    Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.

    When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:

    O1 - HOSTS: localhost 127.0.0.1

    Click Fix Checked. Close HijackThis, and click OK to proceed.

    At the end of the fix, you may need to restart your computer again.

    Finally, please post the contents of the Ewido log and logfile C:\fixwareout\report.txt, along with a new HijackThis log.

  5. #5
    Mumrah is offline Newbie
    OK. The Ewido scan cleaned up a LOT of stuff and succeeded in removing the red background and flashing desktop message. However, my desktop is now flashing white and grey. I can right-click on it, but it doesn't behave like my desktop should - its properties are those of an HTML file ...

    The log is actually too long for even 2 posts! So I've had to chop it up:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 19:15:14, 08/02/2006
    + Report-Checksum: 1D937B23

    + Scan result:

    C:\WINDOWS\desktop.html -> Not-A-Virus.Hoax.Win32.Aflac.a : Cleaned with backup
    C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup

  6. #6
    Mumrah is offline Newbie

  7. #7
    Mumrah is offline Newbie
    C:\WINDOWS\system32\howiper.exe -> Trojan.Small.gq : Cleaned with backup
    C:\WINDOWS\system32\SetupCarnival.exe -> Adware.Casino : Cleaned with backup


    ::Report End

    =====

    Wow. I'm quite worried by how much stuff that turned up! Anyway ...

    FixWareOut produced this log:

    Fixwareout ver 1.003
    Last edited 1/12/2006
    Post this report in the forums please

    Reg Entries that were deleted
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\ypszr
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\daolnwodi
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\lavinraCputeS

    PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

    »»»»» Search by size and names...
    C:\WINDOWS\SYSTEM32\IPSEC6.EXE

    »»»»» Misc files

    »»»»» Checking for older varients covered by the Rem3 tool

    ==

    And here is the HijackThis log ... the log 01 - HOSTS: localhost 127.0.0.1 was no longer there, presumably because one of the scans identified and cleared it.

    Logfile of HijackThis v1.99.1
    Scan saved at 19:38:17, on 08/02/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\fixwareout\SUB\BFU.exe
    C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    C:\Program Files\AVPersonal\AVWUPSRV.EXE
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\hijackthis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
    O4 - HKLM\..\Run: [Ptipbmf] rundll32.exe ptipbmf.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\SpeedTouch USB\Dragdiag.exe" /icon
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132857459343
    O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

  8. #8
    VopThis is offline Senior Member (Canada)
    You have just observed the kind of consequences which can occur with P2P tools like Kazaa. There may be more leftovers from having had Kazaa on your PC.



    Download kazaabegone and unzip it to your DESKTOP.
    http://castlecops.com/zx/Merijn/kazaabegone.zip

    KazaaBegone: A Kazaa uninstaller which scans and removes all elements of all Kazaa versions, as well as all of the bundled software that comes with it.
    Warning: This version has a bug that can cause your Internet connection to be broken when removing New.Net, WebHancer or CommonName. An update is being worked on. If you still want to use KazaaBegone, download LSPFix http://www.cexx.org/lspfix.htm to fix your Internet connection (download it before you run KazaaBegone, of course).


    REBOOT.



    Place a shortcut to Panda ActiveScan on your desktop.


    Run the Panda ActiveScan shortcut.
    - Once you are on the Panda site click the Scan your PC button
    - A new window will open...click the Check Now button
    - Enter your Country
    - Enter your State/Province
    - Enter your e-mail address and click send
    - Select either Home User or Company
    - Click the big Scan Now button
    - If it wants to install an ActiveX component allow it
    - It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    - When download is complete, click on Local Disks to start the scan
    - When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.


    Post a Panda log back here, if anything is reported.

  9. #9
    Mumrah is offline Newbie
    I haven't even used Kazaa for ages ... how ironic - I'm glad to see the back of it, to be honest. Thanks for that. The Panda program found 22 spyware programs and 2 hacking tools (!!). Here is the log. How do I go about removing them?


    Incident Status Location

    Adware:adware/commad Not disinfected C:\Documents and Settings\Jimmy Bevs\Local Settings\Temp\cmdinst.exe
    Adware:adware/keenvalue Not disinfected C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
    Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
    Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
    Adware:adware/gator Not disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
    Adware:adware/cydoor Not disinfected C:\WINDOWS\cdmxtras
    Spyware:spyware/searchcentrix Not disinfected Windows Registry
    Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
    Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[3].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@888[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@belnk[1].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@cassava[1].txt
    Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@desktop.kazaa[2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@rn11[1].txt
    Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
    Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[3].txt
    Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@888[1].txt
    Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@belnk[1].txt
    Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@cassava[1].txt
    Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@desktop.kazaa[2].txt
    Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@rn11[1].txt
    Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
    Adware:Adware/RazeSpyware Not disinfected C:\WINDOWS\system32\rzspy.exe

  10. #10
    VopThis is offline Senior Member (Canada)
    In SAFE MODE, delete the following FILES (TIP: you can copy each individual line into the search dialogue box to speed up the removal task):


    C:\Documents and Settings\Jimmy Bevs\Local Settings\Temp\cmdinst.exe
    C:\WINDOWS\BROWSERXTRAS\PN\remove.exe
    C:\WINDOWS\smdat32a.sys
    C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
    C:\WINDOWS\cdmxtras

    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[3].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@888[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@belnk[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@cassava[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@desktop.kazaa[2].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@rn11[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[3].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@888[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@belnk[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@cassava[1].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@desktop.kazaa[2].txt
    C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@rn11[1].txt
    C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
    C:\WINDOWS\system32\rzspy.exe





    REBOOT.



    Please do an additional online scan (scan only tool) with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.



    POST A REVISED HIJACKTHIS LOG for review:
    Post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.
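
An added example (not part of the thread, and not Panda's or the forum's own tooling): a short Python triage of the ActiveScan report posted in #9, which drops repeated rows and separates executables from cookies and non-file entries before a deletion list like the one in #10 is compiled. The function names and bucket labels are assumptions made for this example; the sample rows are copied from the report above.

```python
import re

# Sample rows copied from the Panda ActiveScan report posted in this thread.
REPORT = r"""
Incident Status Location
Adware:adware/commad Not disinfected C:\Documents and Settings\Jimmy Bevs\Local Settings\Temp\cmdinst.exe
Potentially unwanted tool:application/myway Not disinfected C:\PROGRAM FILES\MyWay
Spyware:spyware/searchcentrix Not disinfected Windows Registry
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@888[1].txt
Spyware:Cookie/Sandboxer Not disinfected C:\Documents and Settings\Jimmy Bevs\Cookies\jimmy bevs@307[1].txt
Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
Adware:Adware/RazeSpyware Not disinfected C:\WINDOWS\system32\rzspy.exe
"""

STATUS = " Not disinfected "  # the only status value that appears in the thread

def parse_report(text):
    """Return unique (kind, name, location) rows in first-seen order."""
    seen = {}
    for line in text.splitlines():
        line = line.strip()
        if STATUS not in line:
            continue  # column header and blank lines
        incident, location = line.split(STATUS, 1)
        kind, _, name = incident.partition(":")
        key = (name.lower(), location.lower())  # Windows paths are case-insensitive
        seen.setdefault(key, (kind, name, location))
    return list(seen.values())

def triage(rows):
    """Bucket rows so executables are reviewed before cookies."""
    buckets = {"binary": [], "cookie": [], "other_path": [], "non_file": []}
    for kind, name, location in rows:
        if not re.match(r"^[A-Za-z]:\\", location):
            buckets["non_file"].append((name, location))  # e.g. "Windows Registry"
        elif name.lower().startswith("cookie/"):
            buckets["cookie"].append((name, location))
        elif re.search(r"\.(exe|dll|sys)$", location, re.I):
            buckets["binary"].append((name, location))
        else:
            buckets["other_path"].append((name, location))  # folders and the like
    return buckets

if __name__ == "__main__":
    for bucket, items in triage(parse_report(REPORT)).items():
        print(bucket, len(items), [loc for _, loc in items])
```

Rows that land in `non_file` or `other_path` cannot be handled by deleting a single file path, so they need separate review.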
