ran adaware, lost internet

[janeg]

I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================

XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011324.dll

WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates

VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1\temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1\temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1\temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll

VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll

POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009737.exe

MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe

LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011300.dll

LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012696.exe

ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO_
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009961.dll

HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012685.exe

EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp

CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010116.exe

CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011408.exe

CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk

ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin

ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe

WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe

WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011422.exe

STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe

SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe

SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe

RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126\a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127\a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146\a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147\a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153\a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155\a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012510.exe
obj[253]=File : c:\windows\emsw.exe

DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011467.exe

ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll

 

[Guest]

-----Original Message-----
I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================

XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011324.dll

WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates

VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1\temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll

VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll

POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009737.exe

MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe

LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011300.dll

LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012696.exe

ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO _
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009961.dll

HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012685.exe

EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp

CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010116.exe

CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011408.exe

CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk

ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin

ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe

WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe

WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011422.exe

STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe

SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe

SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe

RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126\a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127\a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146\a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147\a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153\a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155\a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012510.exe
obj[253]=File : c:\windows\emsw.exe

DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011467.exe

ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll


.
WOW you sure had a lot of spyware!Most looks like it

came from porno sites.Wow a lot of porno sites!You may
have had a worm or trojan,that gets loaded with
porno.You may have to format,and restore.First try to get
an ip address by going to start--run--type in cmd,then
hit enter--type in ipconfig/release--then type in
ipconfig/renew------close it out try internet----works
great,if not try---start--control panel--network
connections--check your internet connection,if it's
disabled r-click it and enable it.WOW thats a lot of spy
porno.Run your antivirus,make sure its updated,if it's
not or you don't have one go to
http://www.my-etrust.com/microsoft/
they have 1 year for free.You should also check
http://www.microsoft.com/security/protect/
to see what you need to do to protect your computer,or
just go to
http://www.microsoft.com/security/protect/windowsxp/choose
..asp
and choose let us do it from microsoft.WOW 90% of that
stuff came from porn,ad aware is great!Your lucky it
starts at all.

 

[Guest]

-----Original Message-----

-----Original Message-----
I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================

XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011324.dll

WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates

VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152 \a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1 \temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll

VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll

POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129 \a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129 \a0009737.exe

MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe

LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011300.dll

LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012696.exe

ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUT

O

_
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009961.dll

HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012685.exe

EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp

CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135 \a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135 \a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010116.exe

CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011408.exe

CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk

ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin

ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe

WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe

WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011422.exe

STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe

SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe

SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe

RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119 \a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119 \a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126 \a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127 \a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145 \a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146 \a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147 \a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149 \a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149 \a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152 \a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153 \a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155 \a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012510.exe
obj[253]=File : c:\windows\emsw.exe

DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145 \a0011467.exe

ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll


.
WOW you sure had a lot of spyware!Most looks like it

came from porno sites.Wow a lot of porno sites!You may
have had a worm or trojan,that gets loaded with
porno.You may have to format,and restore.First try to get
an ip address by going to start--run--type in cmd,then
hit enter--type in ipconfig/release--then type in
ipconfig/renew------close it out try internet----works
great,if not try---start--control panel--network
connections--check your internet connection,if it's
disabled r-click it and enable it.WOW thats a lot of spy
porno.Run your antivirus,make sure its updated,if it's
not or you don't have one go to
http://www.my-

etrust.com/microsoft/

they have 1 year for free.You should also check
http://www.microsoft.com/security/protect/
to see what you need to do to protect your computer,or
just go to
http://www.microsoft.com/security/protect/windowsxp/choos e
..asp

and choose let us do it from microsoft.WOW 90% of that
stuff came from porn,ad aware is great!Your lucky it
starts at all.
.
That's posible from porn,sure is a lot of junk

though ,but if that doesn't work,try reseting your
homepage it may have been removed also,open you
explorer,tools,internet options,use default or your
favorite homepage,something like www.msn.com,apply,ok,and
try.

 

[Guest]

-----Original Message-----

-----Original Message-----
I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================

XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011324.dll

WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates

VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152 \a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1 \temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll

VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll

POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129 \a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129 \a0009737.exe

MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe

LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011300.dll

LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012696.exe

ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUT

O

_
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009961.dll

HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012685.exe

EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp

CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135 \a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135 \a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010116.exe

CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011408.exe

CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk

ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Brows

e

r
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin

ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:

/

W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe

WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe

WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011422.exe

STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe

SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe

SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe

RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119 \a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119 \a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124 \a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125 \a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126 \a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127 \a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128 \a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136 \a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139 \a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140 \a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144 \a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145 \a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146 \a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147 \a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149 \a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149 \a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152 \a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153 \a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155 \a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156 \a0012510.exe
obj[253]=File : c:\windows\emsw.exe

DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118 \a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134 \a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145 \a0011467.exe

ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154 \a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll


.
WOW you sure had a lot of spyware!Most looks like it

came from porno sites.Wow a lot of porno sites!You may
have had a worm or trojan,that gets loaded with
porno.You may have to format,and restore.First try to get
an ip address by going to start--run--type in cmd,then
hit enter--type in ipconfig/release--then type in
ipconfig/renew------close it out try internet----works
great,if not try---start--control panel--network
connections--check your internet connection,if it's
disabled r-click it and enable it.WOW thats a lot of spy
porno.Run your antivirus,make sure its updated,if it's
not or you don't have one go to
http://www.my-

etrust.com/microsoft/

they have 1 year for free.You should also check
http://www.microsoft.com/security/protect/
to see what you need to do to protect your computer,or
just go to
http://www.microsoft.com/security/protect/windowsxp/choos e
..asp

and choose let us do it from microsoft.WOW 90% of that
stuff came from porn,ad aware is great!Your lucky it
starts at all.
.
You can't tell if it's from porn like that,your just

trying to cause trouble.Although reply is a posibility to
help,saying from porn isn't fair.There are a lot of sites
that load stuff like that when you visit them,like
gameing and music sites that prey on you unknowingly,good
luck to you.

 

[Guest]

You can go back into ad aware and restore things,if you
want to.open quintine list,highlite click restore items,I
wouldn't because that's a lot spyware.I have 3 teens,had
to teach them not to click yes on all downloads,there
reply was,if I don't click yes I don't get the game
cheats.Ad aware works for me,I remove 60-70 items a day
from them.If you go to msn.com it gives 5 spyware
cookies,I don't see anything that would change your
connection settings,try network conection in control
panel and right click your conection click repair,that
should fix it.

-----Original Message-----
I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================

XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011324.dll

WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates

VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1\temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1 \temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1 \temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll

VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll

POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk

POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main

OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009737.exe

MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe

LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011300.dll

LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012696.exe

ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser

IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO _
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009961.dll

HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012685.exe

EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp

CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010116.exe

CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011408.exe

CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk

ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browse r
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin

ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer

180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/ W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe

WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe

WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011422.exe

STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe

SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe

SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll

SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe

RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126\a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127\a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146\a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147\a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153\a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155\a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012510.exe
obj[253]=File : c:\windows\emsw.exe

DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm

ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011467.exe

ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll


.

 

[Guest]

Please log on to Ad-aware forums and post there
Here is the link my friend
http://www.lavasoftsupport.com

You will have to make yourself a profile..
Tell Canuk Hi from Soulcommander when u get there

 

[Guest]

Help
I seem to be having the same problem i downloaded adaware and now i am unable to connect to the internet. Also i am unable to do a system restore. The only restore date is todays date and i can not change the restore point. Please can someone tell me what to do next

 

[Rocket J. Squirrel]

Lavasoft Support Forums
http://www.lavasoftsupport.com/

Rocky

Help
I seem to be having the same problem i downloaded adaware and now i am

unable to connect to the internet. Also i am unable to do a system restore.
The only restore date is todays date and i can not change the restore point.
Please can someone tell me what to do next

 

[Tom G]

Not sure which operating system you're running but when my son's w98se
system got hit with a browser hijacker, I ran Adaware and it cleaned the
system fine except that the nasty hijacker it got rid of also took all the
internet connection settings with it.

Could log onto network, but could not connect to internet.

Found a gem of a tool to repair it at
http://www.bu.edu/pcsc/internetaccess/winsock2fix.html .

Ran the DOS program offered there and all was back to normal.

Hope this helps.

TomG.

Help
I seem to be having the same problem i downloaded adaware and now i am

unable to connect to the internet. Also i am unable to do a system restore.
The only restore date is todays date and i can not change the restore point.
Please can someone tell me what to do next