Google Answers: Aurora.exe and nail.exe help with hijaker to clean

View Question

Q: Aurora.exe and nail.exe help with hijaker to clean ( Answered 5 out of 5 stars

, 0 Comments )

Question

Subject: Aurora.exe and nail.exe help with hijaker to clean
Category: Computers > Security
Asked by: empireday-ga
List Price: $4.50

Posted: 17 Sep 2005 19:31 PDT
Expires: 17 Oct 2005 19:31 PDT
Question ID: 569251

I have tryed these methods from http://answers.google.com/answers/threadview?id=550004 and have deleted all that every thing finds. Now not only do I get the annoying pop ups from Aurora, I also have words underlined and linked (sponsord link) in all the web pages I go to (I belive I had done something to prevent this befor but do not remember what. Help please. Here is the last log from Hijaker Logfile of HijackThis v1.99.1 Scan saved at 9:11:58 PM, on 9/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgrhttp://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file) R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italyadb.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=092805 serial=WS12WTX-9999998-UYR lang=EN O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124747250031 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spyware/2.6/freescanner/WebAAS.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.9.0.0.2.cab O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www4.ci.detroit.mi.us/CityofDetroit/Property_Maps/acgm/acgm.cab O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\Program Files\FCEngine\Plugin.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE everything has been done in Safe Mode and with my router off line (off) I run Norton virus, SD, AdAware, and now also Ewido. I belive my son got this yesterday and its driving me nuts!
Request for Question Clarification by sublime1-ga on 17 Sep 2005 20:03 PDT empireday... The following should be checked for removal: O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} There are several other entries that are questionable, and need to be examined. You can find them in the analysis of your logfile which is temporarily (3 days) available on this page of an HJT analysis site: http://www.hijackthis.de/logfiles/3e450d6f267d9da0a6f61db43f281ece.html Some of the entries with question marks will be recognizable programs which you use. Others will be more obscure, and you can use the readers' ratings as a guideline in addition to your own familiarity or lack thereof. Hopefully you've already run a thorough Virus Scan as well. If not, you'll need to do so. Let me know where this takes you... sublime1-ga
Request for Question Clarification by livioflores-ga on 17 Sep 2005 21:14 PDT I am working in your question and suggest you to do not remove the item: O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} This item is related to the Microsoft Money software package. Browser Helper Object (BHO) extension allowing browser integration: http://www.fileresearchcenter.com/applicationdisplay.html?id=1574 Thank you for your attention.
Clarification of Question by empireday-ga on 17 Sep 2005 21:16 PDT I did that and ran another log. I still have the pop ups and the links in all the web pages. I have ran both Norton with todays update and ewido both found and deleted files. here is the new log: note I changed the options so there are more entrys... Logfile of HijackThis v1.99.1 Scan saved at 10:37:24 PM, on 9/17/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgrhttp://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file) R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italyadb.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\toolbar.dll O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=092805 serial=WS12WTX-9999998-UYR lang=EN O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124747250031 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spyware/2.6/freescanner/WebAAS.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.9.0.0.2.cab O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www4.ci.detroit.mi.us/CityofDetroit/Property_Maps/acgm/acgm.cab O18 - Filter: text/html - {724D478A-2BD0-4DB4-AE42-288B1E346EF7} - C:\Program Files\FCEngine\Plugin.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
Clarification of Question by empireday-ga on 17 Sep 2005 21:19 PDT I don't use MS Money so it shouldn't be a problome that I removed it I hope??
Clarification of Question by empireday-ga on 17 Sep 2005 21:31 PDT heres a long list from Spyware Doctor although I can not use it to delet as my CC just got declined: Alexa I knew about along with Wild Tangent. This has the abetter web and popstop that nothing else is finding! LONG Scans (basic information only): Scan Results: scan start: 9/17/2005 10:52:44 PM scan stop: 9/17/2005 11:18:58 PM scanned items: 202849 found items: 537 found and ignored: 0 tools used: General Scanner, Process Scanner, Hosts scanner, LSP Scanner, Registry Scanner, Browser Defaults, Favorites and ZoneMap Scanner, ActiveX Scanner, Browser Activity Scanner, Disk Scanner Infection Name Location Risk ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1 Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1## Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##UninstallString Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##DisplayName Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##DisplayIcon Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##URLInfoAbout Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##Publisher Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##HelpLink Elevated ABetterInternet HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bsto-1##Contact Elevated Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637} Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}## Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0 Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0## Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\0 Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\0## Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\0\win32 Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\0\win32## Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\FLAGS Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\FLAGS## Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\HELPDIR Low Alexa HKCR\TypeLib\{EACAA5CE-99B3-470E-9629-8F9EF4C4B637}\1.0\HELPDIR## Low Alexa HKCU\Software\Microsoft\Internet Explorer\MenuExt\Write a Review... Low Alexa HKCU\Software\Microsoft\Internet Explorer\MenuExt\Write a Review...## Low Alexa HKCU\Software\Microsoft\Internet Explorer\MenuExt\Write a Review...##Contexts Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96} Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}## Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##ProviderName Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##QueryPath Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##RegistrationPath Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##AboutPath Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##Type Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##Revision Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##UpdateStatus Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}##Status Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE} Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}## Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##ServiceName Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##SourceData Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##Description Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##TermsOfUse Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##CategoryID Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##SortOrder Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##Status Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##Display Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##Parental Low Alexa HKCU\Software\Microsoft\Office\11.0\Common\Research\Sources\{19C33034-3878-4beb-B843-62C2761AFF96}\{56D356FA-B174-424b-BF3A-AF35E6A94DDE}##PersistData Low Alexa HKLM\software\Alexa Toolbar Low Alexa HKLM\software\Alexa Toolbar## Low BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A} High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}## High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\TypeLib High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\TypeLib## High BigTrafficNetwork HKCR\Interface\{15D53B86-E055-43B1-BBEE-A91A0F37BD2A}\TypeLib##Version High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094} High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}## High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\TypeLib High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\TypeLib## High BigTrafficNetwork HKCR\Interface\{6B882C34-A832-4F5B-BEF1-7E198BE3F094}\TypeLib##Version High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822} High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}## High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\TypeLib High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\TypeLib## High BigTrafficNetwork HKCR\Interface\{9B6B4031-1D6D-4C65-ACBA-021916853822}\TypeLib##Version High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB} High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}## High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\TypeLib High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\TypeLib## High BigTrafficNetwork HKCR\Interface\{9FF60A27-0C0C-4A6A-A15F-B21B644D67BB}\TypeLib##Version High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2} High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}## High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\TypeLib High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\TypeLib## High BigTrafficNetwork HKCR\Interface\{F3C41C1D-22F1-4692-8A7A-88DE70A2E9E2}\TypeLib##Version High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE} High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}## High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\ProxyStubClsid High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\ProxyStubClsid## High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\ProxyStubClsid32 High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\ProxyStubClsid32## High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\TypeLib High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\TypeLib## High BigTrafficNetwork HKCR\Interface\{FA6FA7A5-2C49-4567-BA74-6DD1C36099EE}\TypeLib##Version High Pops Stop HKCU\Software\In3rd High Pops Stop HKCU\Software\In3rd## High Pops Stop HKCU\Software\In3rd##120 High WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Info WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}## Info WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FriendlyName Info WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##CLSID Info WildTangent HKCR\CLSID\{083863F1-70DE-11d0-BD40-00A0C911CE86}\Instance\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}##FilterData Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000} Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}## Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid## Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32 Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\ProxyStubClsid32## Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib## Info WildTangent HKCR\interface\{05ef74a5-e109-11d2-a566-444553540000}\TypeLib##Version Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000} Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}## Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid## Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32 Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\ProxyStubClsid32## Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib## Info WildTangent HKCR\interface\{0e7ae465-ee8d-11d2-a566-444553540000}\TypeLib##Version Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b} Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}## Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid## Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32 Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\ProxyStubClsid32## Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib## Info WildTangent HKCR\interface\{1113c0b6-5300-4d5d-b2d7-35c14b28341b}\TypeLib##Version Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44} Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}## Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid## Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32 Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\ProxyStubClsid32## Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib## Info WildTangent HKCR\interface\{111d8b01-96c5-46dd-94d1-c6e8b1f69f44}\TypeLib##Version Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f} Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}## Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid## Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32 Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\ProxyStubClsid32## Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib## Info WildTangent HKCR\interface\{16410859-886f-4579-bc1f-330a139d0f0f}\TypeLib##Version Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08} Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}## Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid## Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32 Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\ProxyStubClsid32## Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib## Info WildTangent HKCR\interface\{35ed7dfb-a8ed-4216-a4bb-bc08c326ef08}\TypeLib##Version Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227} Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}## Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid## Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32 Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\ProxyStubClsid32## Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib## Info WildTangent HKCR\interface\{399a8818-2000-436c-9a55-0016e5e3d227}\TypeLib##Version Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64} Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}## Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid## Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32 Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\ProxyStubClsid32## Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib## Info WildTangent HKCR\interface\{52889e01-cb46-11d2-96bc-00104b242e64}\TypeLib##Version Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235} Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}## Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid## Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32 Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\ProxyStubClsid32## Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib## Info WildTangent HKCR\interface\{5c49cbd2-8ed7-439b-8668-32149f84a235}\TypeLib##Version Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000} Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}## Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid## Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32 Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\ProxyStubClsid32## Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib## Info WildTangent HKCR\interface\{6e6cf8e5-d795-11d2-a566-444553540000}\TypeLib##Version Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa} Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}## Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid## Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32 Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\ProxyStubClsid32## Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib## Info WildTangent HKCR\interface\{79884200-3ade-11d3-ac39-00105a2057fa}\TypeLib##Version Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d} Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}## Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid## Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32 Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\ProxyStubClsid32## Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib## Info WildTangent HKCR\interface\{810e95c2-f908-4e02-9b28-b92c3a778d0d}\TypeLib##Version Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7} Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}## Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid## Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32 Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\ProxyStubClsid32## Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib## Info WildTangent HKCR\interface\{aa0c96f9-a994-42d7-9543-842cf85e1ba7}\TypeLib##Version Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14} Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}## Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid## Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32 Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\ProxyStubClsid32## Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib## Info WildTangent HKCR\interface\{b57613b6-ef02-4d96-99c6-70c9a2014a14}\TypeLib##Version Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{bdb9b021-caff-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{bdb9b022-caff-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2} Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}## Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid## Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32 Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\ProxyStubClsid32## Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib## Info WildTangent HKCR\interface\{c1da7ab8-54fc-4971-9afb-1bcb9afc3aa2}\TypeLib##Version Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf} Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}## Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid## Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32 Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\ProxyStubClsid32## Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib## Info WildTangent HKCR\interface\{c3a156d4-503f-4779-a673-657308d94faf}\TypeLib##Version Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000} Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}## Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid## Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32 Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\ProxyStubClsid32## Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib## Info WildTangent HKCR\interface\{d72ac8e7-f41d-11d2-a566-444553540000}\TypeLib##Version Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30} Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}## Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid## Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32 Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\ProxyStubClsid32## Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib## Info WildTangent HKCR\interface\{de3e540a-f0f2-4761-99be-afc6dc427e30}\TypeLib##Version Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed} Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}## Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid## Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32 Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\ProxyStubClsid32## Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib## Info WildTangent HKCR\interface\{ea6f254d-1a8c-4518-8fe0-e9b94fd134ed}\TypeLib##Version Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d} Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}## Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid## Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32 Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\ProxyStubClsid32## Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib## Info WildTangent HKCR\interface\{ec914a5c-7c4b-4ac8-8c86-c10ff5c0d23d}\TypeLib##Version Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000} Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}## Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid## Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32 Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\ProxyStubClsid32## Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib## Info WildTangent HKCR\interface\{f10493c1-d0b6-11d2-a566-444553540000}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa3a-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa3e-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa40-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa44-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa46-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aa50-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid## Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32 Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\ProxyStubClsid32## Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib## Info WildTangent HKCR\interface\{fa13aafa-ca9b-11d2-9780-00104b242ea3}\TypeLib##Version Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a} Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}## Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid## Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32 Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\ProxyStubClsid32## Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib## Info WildTangent HKCR\interface\{feca7cfa-1083-4073-a98a-cf3389fcaf6a}\TypeLib##Version Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3} Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}## Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0 Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0## Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0 Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0## Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32 Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\0\win32## Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\FLAGS## Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR Info WildTangent HKCR\typelib\{fa13aa2e-ca9b-11d2-9780-00104b242ea3}\1.0\HELPDIR## Info WildTangent HKCR\wt3d.wt Info WildTangent HKCR\wt3d.wt## Info WildTangent HKCR\wt3d.wt\CLSID Info WildTangent HKCR\wt3d.wt\CLSID## Info WildTangent HKCR\wt3d.wt\CurVer Info WildTangent HKCR\wt3d.wt\CurVer## Info WildTangent HKCR\wt3d.wt\Insertable Info WildTangent HKCR\wt3d.wt\Insertable## Info WildTangent HKCR\wt3d.wt.1 Info WildTangent HKCR\wt3d.wt.1## Info WildTangent HKCR\wt3d.wt.1\CLSID Info WildTangent HKCR\wt3d.wt.1\CLSID## Info WildTangent HKCR\wtvis.wtvisreceiver Info WildTangent HKCR\wtvis.wtvisreceiver## Info WildTangent HKCR\wtvis.wtvisreceiver\CLSID Info WildTangent HKCR\wtvis.wtvisreceiver\CLSID## Info WildTangent HKCR\wtvis.wtvisreceiver\CurVer Info WildTangent HKCR\wtvis.wtvisreceiver\CurVer## Info WildTangent HKCR\wtvis.wtvisreceiver.1 Info WildTangent HKCR\wtvis.wtvisreceiver.1## Info WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID Info WildTangent HKCR\wtvis.wtvisreceiver.1\CLSID## Info WildTangent HKCR\wtvis.wtvissender Info WildTangent HKCR\wtvis.wtvissender## Info WildTangent HKCR\wtvis.wtvissender\CLSID Info WildTangent HKCR\wtvis.wtvissender\CLSID## Info WildTangent HKCR\wtvis.wtvissender\CurVer Info WildTangent HKCR\wtvis.wtvissender\CurVer## Info WildTangent HKCR\wtvis.wtvissender.1 Info WildTangent HKCR\wtvis.wtvissender.1## Info WildTangent HKCR\wtvis.wtvissender.1\CLSID Info WildTangent HKCR\wtvis.wtvissender.1\CLSID## Info Known Bad Sites C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\distilled1@earthlink.net\Favorites\outwar.com round 19 - the land of monsters, gangsters, and pop stars!.url High Known Bad Sites C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\distilled1@earthlink.net\Favorites\torax-outwar.com - the land of monsters, gangsters, and pop stars!.url High Known Bad Sites C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\distilled1@earthlink.net\Favorites\toraxoutwar.com - massive online role-playing game (rpg)!.url High 2nd-thought.com HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489} Medium 2nd-thought.com HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13197ACE-6851-45C3-A7FF-C281324D5489}\iexplore Medium Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27D784D7-9217-4227-B43B-E06E4781E0CB} Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27D784D7-9217-4227-B43B-E06E4781E0CB}\iexplore Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B} Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CEFF6CD-6F08-4E4D-BCCD-FF7415288C3B}\iexplore Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3} Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{69A72A8A-84ED-4A75-8CE7-263DBEF3E5D3}\iexplore Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333} Low Alexa HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1FABE79-25FC-46DE-8C5A-2C6DB9D64333}\iexplore Low AlwaysUpdatedNews HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA} High AlwaysUpdatedNews HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47CD99DF-8BCF-4B9B-94EF-02E51B2F79DA}\iexplore High Aornum HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522FA2-4656-11D5-B0E9-0050DAC24E8F} Elevated Aornum HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70522FA2-4656-11D5-B0E9-0050DAC24E8F}\iexplore Elevated BigTrafficNetwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12} High BigTrafficNetwork HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}\iexplore High Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F} Medium Common Components Unrelated HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{386A771C-E96A-421F-8BA7-32F1B706892F}\iexplore Medium ErrorGuard HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205FF73B-CA67-11D5-99DD-444553540006} High ErrorGuard HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{205FF73B-CA67-11D5-99DD-444553540006}\iexplore High Trojan.Downloader.Pacimedia HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{972BB342-14A7-4660-83C1-51DDBEE171DB} High Trojan.Downloader.Pacimedia HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{972BB342-14A7-4660-83C1-51DDBEE171DB}\iexplore High WebSearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} Elevated WebSearch Toolbar HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87067F04-DE4C-4688-BC3C-4FCF39D609E7}\iexplore Elevated WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9} Info WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\InprocServer32 Info WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\ProgID Info WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\TypeLib Info WildTangent HKCR\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\VersionIndependentProgID Info WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9} Info WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\InprocServer32 Info WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\ProgID Info WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\TypeLib Info WildTangent HKLM\Software\Classes\CLSID\{7F23E6E5-0E79-4AEE-B723-B1463805D5A9}\VersionIndependentProgID Info WildTangent HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63} Info WildTangent HKCR\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}\InprocServer32 Info WildTangent HKLM\Software\Classes\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63} Info WildTangent HKLM\Software\Classes\CLSID\{8ECF83A0-1AC9-11D4-8501-00A0CC5D1F63}\InprocServer32 Info WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5} Info WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\InprocServer32 Info WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\ProgID Info WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\TypeLib Info WildTangent HKCR\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\VersionIndependentProgID Info WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5} Info WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\InprocServer32 Info WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\ProgID Info WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\TypeLib Info WildTangent HKLM\Software\Classes\CLSID\{B9BA256A-075B-49EA-B9E2-7DBC2EF021D5}\VersionIndependentProgID Info WildTangent HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Info WildTangent HKCR\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}\InprocServer32 Info WildTangent HKLM\Software\Classes\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63} Info WildTangent HKLM\Software\Classes\CLSID\{ECFBE6E0-1AC8-11D4-8501-00A0CC5D1F63}\InprocServer32 Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3} Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Control Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32 Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Insertable Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus\1 Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ProgID Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Programmable Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32 Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\TypeLib Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Version Info WildTangent HKCR\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\VersionIndependentProgID Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3} Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Control Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\InprocServer32 Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Insertable Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\MiscStatus\1 Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ProgID Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Programmable Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\ToolboxBitmap32 Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\TypeLib Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\Version Info WildTangent HKLM\Software\Classes\CLSID\{FA13A9FA-CA9B-11D2-9780-00104B242EA3}\VersionIndependentProgID Info Pops Stop C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\WOKHVWBY\updconf[1].xml High Pops Stop C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\S94Z2PE3\ssconf[1].php High Tracking Cookie(s) C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\distilled1@earthlink.net\Cookies\owner@realmedia[1].txt Medium WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent Info WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache Info WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00 Info WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00 Info WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\01.dat Info WildTangent C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\cdacache.odds Info Alexa C:\Program Files\Alexa Toolbar Low Overpro.com C:\Program Files\Common Files\SWF Studio High Overpro.com C:\Program Files\Common Files\SWF Studio\Plugins2 High Overpro.com C:\Program Files\Common Files\SWF Studio\Plugins2\FileSys2.dll High Overpro.com C:\Program Files\Common Files\SWF Studio\Plugins2\HTTP.dll High Overpro.com C:\Program Files\Common Files\SWF Studio\Plugins2\Registry.dll High Overpro.com C:\Program Files\Common Files\SWF Studio\Plugins2\SysInfo.dll High ABetterInternet C:\WINDOWS\boncpar.htm Elevated Pops Stop C:\WINDOWS\ISSM0064.DAT High Alexa C:\WINDOWS\system32\AlxTB2.dll Low WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\jDRM0302.dll Info WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\wtdmmp.dll Info WildTangent C:\Program Files\Java\j2re1.4.1_02\bin\wtdmmpv.dll Info WildTangent C:\Program Files\Java\j2re1.4.1_02\lib\ext\wildtangent.jar Info WildTangent C:\Program Files\Java\j2re1.4.1_02\lib\ext\wtdmmpi.jar Info ILookup.Begin2Search C:\WINDOWS\system32\creditcard32123123123asdsa123.ico High

Answer

Subject: Re: Aurora.exe and nail.exe help with hijaker to clean
Answered By: livioflores-ga on 17 Sep 2005 22:01 PDT
Rated: 5 out of 5 stars

Hi!! Your HijackThis log shows a multi-infection, but i think that you can easy remove the pests. For example you have the file winbas12.exe in your computer that it this related to an adware recognized by Kaspersky antivirus as TrojanDownloader.Win32.VB.du: "Bleeping Computer - winbas12.exe - File Information": http://www.bleepingcomputer.com/startups/winbas12.exe-6361.html Another one is smproxy.exe, part of the SurfMonkey adware: "Bleeping Computer - smproxy.exe - File Information": http://www.bleepingcomputer.com/startups/smproxy.exe-11263.html These are the instructions you must follow to clean your computer: Download and install CleanUP!. Cleanup! deletes EVERYTHING out of temp/temporary folders and does not make backups: http://www.stevengould.org/downloads/cleanup/CleanUp40.exe Update Ewido: http://download.ewido.net/ewido-signatures-full-20050917.exe For future updates visit: http://www.ewido.net/en/download/updates/ Download CWShredder: http://www.intermute.com/spysubtract/cwshredder_download.html http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe For a Tutorial (it is for an older version but works fine with the last one) see: "CWShredder Tutorial - How to remove CoolWebSearch with CWShredder": Basically run cwshredder.exe --> Press the "Scan Only" button --> If something is found press the "Fix" button, if not press the "Next" and then "Exit" button. http://www.bleepingcomputer.com/forums/index.php?showtutorial=47 Uninstall SurfMonkey and/or the SurfMonkey Character: Click Start --> Settings --> Control Panel --> open Add/Remove Programs. You should find the SurfMonkey applications on the list of programs. Select SurfMonkey and click the Add/Remove button. Done. Run CWShredder and fix what it finds. Then reboot in safe mode and run the CleanUp! program. Set the program up as follows: Click "Options..." Move the arrow down to "Custom CleanUp!" Put a check next to the following: -Empty Recycle Bins -Delete Cookies -Delete Prefetch files -Scan local drives for temporary files -Cleanup! All Users Click OK Press the CleanUp! button to start the program. ---------------- Optional: �Run Ewido. -Click on scanner -Make sure the following boxes are checked before scanning: � Binder � Crypter � Archives -Click on Start Scan ---------------- MANDATORY*: Run HijackThis to scan your computer and check to fix the following items if present: R3 - URLSearchHook: (no name) - ~37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - (no file) R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file) O2 - BHO: ts - {4006DCA3-433D-4FC8-AC36-42DA7797DCB7} - C:\WINDOWS\system32\bho.dll ---> This is a serious pest: Adware.IEPageHelper O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe O4 - HKLM\..\Run: [] C:\Program Files\winbas12.exe O4 - HKCU\..\Run: [ichckupd] C:\WINDOWS\system32\ichckupd.exe O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/LSSupCtl.cab O16 - DPF: {21F16767-8DA7-4113-BEB0-F161B313407F} (XMirage Control) - http://www.myfamily.com/plugins/ue/Install_UE.exe O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - http://download.zonelabs.com/bin/free/cm/ICSCM.cab O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031010/qtinstall.info.apple.com/mickey/us/win/QuickTimeFullInstaller.exe O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124747250031 O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX28.cab O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://www.anonymizer.com/anti-spyware/2.6/freescanner/WebAAS.cab O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/ctrl/SymAData.cab O16 - DPF: {D670D0B3-05AB-4115-9F87-D983EF1AC747} (AOL Downloader Plugin) - http://pak01.pictures.aol.com/ygp/aol/plugin/download/YGPPicDownload.9.0.0.2.cab O16 - DPF: {E93A6FCA-C052-45DF-AC9B-B729066092F8} (Util Class) - https://isupport4.hp.com/motivedocs/linklauncher/MotUtil.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab O16 - DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} (ActiveCGM Control) - http://www4.ci.detroit.mi.us/CityofDetroit/Property_Maps/acgm/acgm.cab YES, THE COMPLETE O16 SECTION!! At this point press the "Fix Checked" button and cross your fingers ];>). Now reboot into normal mode (that is normally) and check the computer behaviour. Then run HijackThis, scan your computer and generate a fresh log, this log must be posted here as a request of a clarification. Note that you must not fix anything, I will perform a new analysis of it and I will tell you if there are remanents to be fixed with this tool. Hope that this works. Remember that this question is not ended until you get rid of the infections showed on this question, so please do not hesitate to request for further assistance on this topic if you need it, I will gladly respond your requests. Best regards. livoflores-ga
Request for Answer Clarification by empireday-ga on 18 Sep 2005 09:29 PDT Well I have done all of the above. Still have the pop ups I have also tryed using Counter Spy (found and removed a ton) andSpySubtract(blacklisted and removed/cleaned many)I have removed surfmonkey it the add/remove but it seems to still be there as I think it is stuck in the Earthlink.exe witch I use it has been on this computer for 2 years with no trouble. Well heres the new hijackthis LOG, I hope there is something we can come up with. you would think that the earthlink pop up blocker would catch it it wont even let me click links in my mail! Logfile of HijackThis v1.99.1 Scan saved at 11:21:50 AM, on 9/18/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\Program Files\Softex\OmniPass\Omniserv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\WinPoET Broadband Connection\WrOS.EXE C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\windows\system\hpsysdrv.exe C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe C:\WINDOWS\SM1BG.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Common Files\Real\Update_OB\rnathchk.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\interMute\SpySubtract\SpySub.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgrhttp://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italyadb.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=092805 serial=WS12WTX-9999998-UYR lang=EN O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE
Request for Answer Clarification by empireday-ga on 18 Sep 2005 09:39 PDT Also as I was ading this the pop up has taken over other windows boy this thing is nasty! Would just doing a XP recovery work? or help? that is of course if I can get back to befor 9/15.
Clarification of Answer by livioflores-ga on 18 Sep 2005 23:01 PDT I think that there is not time to try a recovery, some remanents are still in your computer. Please go to the following page and use the three online scan tools (free), let them fix anything that they found, please let me know what happened: http://housecall.trendmicro.com/ Then reboot again in safe mode and run HijackThis and check to fix the following items: R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/ O2 - BHO: TalMgr Class - {70230839-555C-4862-8D42-BB1E2352502C} - C:\WINDOWS\system32\italyadb.dll Did you updated Ewido and scan to fix your computer, what were the results of that? If you did not run Ewido try to do that now. Tell me the results of this task. Again reboot into normal mode and check the computer behaviour. Then run HijackThis, scan your computer and generate a new fresh log, this log must be posted here as a request of a clarification. Regards, livioflores-ga
Request for Answer Clarification by empireday-ga on 19 Sep 2005 17:04 PDT Well here are the logs. It seems most the hijacks are gone, although I keep getting a O2-(no name) {#####}(no name) and remove it each time ;) Ewido is updated this run found 2 spyware and 1 something here is the log: + Created on: 6:52:49 PM, 9/19/2005 + Report-Checksum: BA3B2EC9 + Scan result: C:\Documents and Settings\Owner\Application Data\Earthlink\6.0\distilled1@earthlink.net\Cookies\owner@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup ::Report End I guess it deleted the other log I saved but one of the reg keys was LPS.dll, witch had previously been removed improperly by CounterSpy, this time it seemed to work (as I still had full DSL conection. Here is the last HighjackThis log after only the safe mode scan, not the ewido scan in normal mode. Logfile of HijackThis v1.99.1 Scan saved at 6:23:38 PM, on 9/19/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Softex\OmniPass\OPXPApp.exe C:\WINDOWS\Explorer.EXE C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.yahoo.com/?.intl=us R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgrhttp://my.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.earthlink.net/AL/Search R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr/http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program Files\EarthLink TotalAccess\ElnIE.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: EarthLink Popup Blocker - {4B5F2E08-6F39-479a-B547-B2026E4C7EDF} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: EarthLink Toolbar - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - C:\Program Files\EarthLink TotalAccess\PnEL.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe O4 - HKLM\..\Run: [VTPreset] VTPreset.exe O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [WordPerfect Office 1215] C:\Program Files\WordPerfect Office 12\Programs\Registration.exe /title="WordPerfect Office 12" /date=092805 serial=WS12WTX-9999998-UYR lang=EN O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://.dmusic.com O15 - Trusted Zone: http://.dmusic.net O15 - Trusted Zone: http://.google.com O15 - Trusted Zone: http://.yahoo.com O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O20 - Winlogon Notify: OPXPGina - C:\Program Files\Softex\OmniPass\opxpgina.dll O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\WinPoET Broadband Connection\WrOS.EXE If you can find anything else PLEASE do let me know. You have been a great help, I am so glad you have been very paitent with my trouble. Is there a spyware protection that you would recomend over Search and Desrtroy and Ad Aware? I have locked up IE tight now and am adding the trusted sites as I go. so not to leave all the MS holes and backdoors open any more. Thanks ~empireday-ga
Request for Answer Clarification by empireday-ga on 19 Sep 2005 17:06 PDT oops house call ran and got 18 spywares , its almost like they are hidden and come back (this was befor the last posted log
Clarification of Answer by livioflores-ga on 19 Sep 2005 20:03 PDT Hi!! Thank you for the good rating and the tip. I am really glad to see a clean HJT log from your PC, although I suggest to fix the O15 section, it is a good idea to keep empty the trusted zone; the sites in this zone appears to be legitimate but it is an open door for pests. To prevent future infections I suggest you to download and install SpywareBlaster to "vaccinate" your computer: http://www.javacoolsoftware.com/spywareblaster.html Download it from here: http://ct7support.com/downloads/javacool/z341a/spywareblastersetup34.exe After installing it you must update SpywareBlaster, then use the protection features of it, for a guidance here is a nice tutorial: http://www.bleepingcomputer.com/forums/index.php?showtutorial=49 SpywareGuard provides a real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. It is free also: http://www.javacoolsoftware.com/spywareguard.html There is a tutorial here: http://www.bleepingcomputer.com/forums/Using_SpywareGuard_to_protect_your_computer_from_Spyware__and__Hijackers-tut50.html Remember to check for updates at least once a week for all your protection software; this will help to keep your computer clean and protected. Regards, livioflores-ga

empireday-ga rated this answer: 5 out of 5 stars

and gave an additional tip of: $2.00

livioflores-ga 
Is very patient, and is very knowlegable on spyware issues. Thanks for all the help

Comments

There are no comments at this time.

Important Disclaimer: Answers and comments provided on Google Answers are general information, and are not intended to substitute for informed professional medical, psychiatric, psychological, tax, legal, investment, accounting, or other professional advice. Google does not endorse, and expressly disclaims liability for any product, manufacturer, distributor, service or service provider mentioned or any opinion expressed in answers or comments. Please read carefully the Google Answers Terms of Service.

If you feel that you have found inappropriate content, please let us know by emailing us at answers-support@google.com with the question ID listed above. Thank you.

Search Google Answers for

Google Home - Answers FAQ - Terms of Service - Privacy Policy