J
janeg
I updated Adaware on my son's Dell laptop running XP Pro.
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================
XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011324.dll
WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates
VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1\temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1\temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1\temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll
VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll
POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main
OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009737.exe
MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe
LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011300.dll
LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012696.exe
ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO_
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009961.dll
HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012685.exe
EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp
CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010116.exe
CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011408.exe
CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk
ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin
ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer
180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe
WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe
WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011422.exe
STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe
SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe
SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll
SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe
RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126\a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127\a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146\a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147\a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153\a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155\a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012510.exe
obj[253]=File : c:\windows\emsw.exe
DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm
ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011467.exe
ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll
It quarantined and deleted more than 300 items. I saved
the quarantine log. After rebooting, I can no longer get
an internet connection. Anyone know why?
Here is my quarantine log.
ArchiveData(auto-quarantine- 06-03-2004 12-18-20.bckp)
======================================================
XUPITER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[0]=RegKey : toolbar.band.1
obj[1]=RegKey : toolbar.band
obj[2]=RegKey : CLSID\{702ad576-fddb-4d0f-9811-
a43252064684}
obj[3]=RegKey : Interface\{229B6742-97C5-4FA1-89D0-
0117BE82FC39}
obj[4]=Folder : c:\program files\common files\OE
obj[98]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009565.dll
obj[99]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009945.dll
obj[100]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010131.dll
obj[101]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011324.dll
WILDTANGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[5]=RegKey : SOFTWARE\WildTangent
obj[6]=RegKey : Control Panel\MMCPL
obj[7]=Folder : c:\windows\wt
obj[104]=File : c:\documents and settings\bill
gildart\local settings\temp\ubgmtat.exe
obj[105]=File : c:\program
files\aim\sysfiles\aimwdinstall.exe
obj[106]=File : c:\program files\aim\aimwdinstall.exe
obj[107]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012389.dll
obj[108]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012390.dll
obj[109]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012391.dll
obj[110]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012480.dll
obj[111]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012530.dll
obj[112]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012531.dll
obj[113]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012532.dll
obj[114]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012533.dll
obj[115]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012534.exe
obj[116]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012535.exe
obj[117]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012536.dll
obj[118]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012537.dll
obj[119]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012538.dll
obj[120]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012539.dll
obj[121]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012540.dll
obj[122]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012541.dll
obj[123]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012542.ax
obj[124]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012543.ax
obj[125]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012553.dll
obj[126]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012554.exe
obj[127]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012555.exe
obj[128]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012556.exe
obj[129]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012557.dll
obj[130]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012558.dll
obj[131]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012559.cpl
obj[132]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012560.cpl
obj[133]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012601.exe
obj[134]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012702.dll
obj[135]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012703.dll
obj[136]=File : c:\windows\wt\wtdrm\drm0302.dll
obj[137]=File : c:\windows\wt\wtdrm\jdrm0302.dll
obj[138]=File : c:\windows\wt\wtdrm\rdrm0302.dll
obj[139]=File : c:\windows\wt\updater
obj[140]=File : c:\windows\wt\webdriver
obj[141]=File : c:\windows\wt\wtdrm
obj[142]=File : c:\windows\wt\wtupdates
VX2.BETTERINTERNET
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[8]=RegKey : CLSID\{000020DD-C72E-4113-AF77-
DD56626C6C42}
obj[9]=RegKey : CLSID\{DDFFA75A-E81D-4454-89FC-
B9FD0631E726}
obj[10]=RegKey : SOFTWARE\twaintec
obj[11]=RegKey : TwaintecDll.TwaintecDllObj.1
obj[12]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{000020DD-C72E-4113-AF77-DD56626C6C42}
obj[13]=RegKey : Software\Look2Me
obj[14]=RegKey : SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon\Notify\Guardian
obj[15]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Shell
Extensions\Approved
obj[144]=File : c:\documents and settings\bill
gildart\local settings\temp\icd2.tmp\bi.dll
obj[145]=File : c:\documents and settings\bill
gildart\local settings\temp\icd4.tmp\bi.dll
obj[146]=File : c:\documents and settings\bill
gildart\local settings\temp\icd6.tmp\bi.dll
obj[147]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\preinstt.exe
obj[148]=File : c:\documents and settings\bill
gildart\local settings\temp\thi6abf.tmp\twaintec.dll
obj[149]=File : c:\documents and settings\bill
gildart\local settings\temp\belt.exe
obj[150]=File : c:\documents and settings\bill
gildart\local settings\temp\biini.cab
obj[151]=File : c:\documents and settings\bill
gildart\local settings\temp\preinsbi.exe
obj[152]=File : c:\documents and settings\bill
gildart\local settings\temp\twaintec.ini
obj[153]=File : c:\documents and settings\bill
gildart\local settings\temp\twtini.cab
obj[154]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011364.ini
obj[155]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011721.ini
obj[156]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012276.ini
obj[157]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012712.exe
obj[158]=File : c:\windows\system32\msg117.dll
obj[159]=File : c:\windows\temp\old70.tmp
obj[160]=File : c:\windows\preinsbi.exe
obj[161]=File : c:\windows\preinstt.exe
obj[162]=File : c:\windows\twaintec.dll
obj[163]=File : c:\windows\system32\msg{ccd4d772-95ad-
4ef0-a156-99f95b8b3548}0115.dll
obj[164]=File : c:\windows\system32\msg{f60366e4-d8b8-
4401-9b83-99fcdc916dca}0115.dll
obj[165]=File : c:\docume~1\billgi~1\locals~1
\temp\belt.cab
obj[166]=File : c:\docume~1\billgi~1\locals~1\temp\bi.ini
obj[167]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.cab
obj[168]=File : c:\docume~1\billgi~1\locals~1\temp\bi8.inf
obj[169]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.cab
obj[170]=File : c:\docume~1\billgi~1\locals~1
\temp\biini.inf
obj[171]=File : c:\docume~1\billgi~1\locals~1\temp\bil.cab
obj[172]=File : c:\docume~1\billgi~1\locals~1\temp\bil.inf
obj[173]=File : c:\docume~1\billgi~1\locals~1
\temp\twaintec.ini
obj[174]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.cab
obj[175]=File : c:\docume~1\billgi~1\locals~1
\temp\twtini.inf
obj[176]=File : c:\windows\bi.ini
obj[177]=File : c:\windows\inf\twtini.inf
obj[178]=File : c:\windows\twaintec.ini
obj[179]=File : c:\windows\system32\msg118.dll
obj[180]=File : c:\docume~1\billgi~1\locals~1
\temp\icd2.tmp\bi.dll
obj[181]=File : c:\docume~1\billgi~1\locals~1
\temp\icd4.tmp\bi.dll
obj[182]=File : c:\docume~1\billgi~1\locals~1
\temp\icd6.tmp\bi.dll
obj[183]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\preinstt.exe
obj[184]=File : c:\docume~1\billgi~1\locals~1
\temp\thi6abf.tmp\twaintec.dll
VISICOM MEDIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[16]=RegKey : CLSID\{4E7BD74F-2B8D-469E-C0FB-
EF60B19DA02A}
obj[17]=RegKey : wzhelper.WZHELPER
obj[18]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{4E7BD74F-2B8D-469E-C0FB-EF60B19DA02A}
obj[19]=RegKey : Software\Dynamic Toolbar
obj[185]=File : c:\windows\system32\wzhelper.dll
POWERSCAN
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[20]=RegValue : Software\Powerscan
obj[21]=RegValue :
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
obj[22]=Folder : c:\documents and settings\bill
gildart\start menu\programs\Power Scan
obj[254]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009557.exe
obj[255]=File : c:\documents and settings\bill
gildart\start menu\programs\power scan\power scan.lnk
POSSIBLE BROWSER HIJACK ATTEMPT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[23]=RegKey : Software\trshlycklyfafdee
obj[24]=RegData : Software\Microsoft\Internet
Explorer\Search
obj[25]=RegData : Software\Microsoft\Internet
Explorer\Main
OTHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[26]=RegKey : Software\adtomi
obj[256]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009729.exe
obj[257]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009733.exe
obj[258]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp129\a0009737.exe
MEMORYWATCHER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[27]=Folder : c:\program files\MemoryWatcher
obj[259]=File : c:\documents and settings\default user\my
documents\data\data\memwatcher.exe
obj[260]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012707.exe
obj[261]=File : c:\program
files\memorywatcher\upgradememorywatcher.exe
LYCOS SIDESEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[28]=Folder : c:\program files\lycos\Sidesearch
obj[262]=File : c:\program
files\lycos\sidesearch\sidesearch1211.dll
obj[263]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011300.dll
LOP.COM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[29]=RegKey : CLSID\{42213C05-A722-60DC-171A-
CBFC48BC8A13}
obj[30]=RegKey : CLSID\{D26FC04F-2F0A-9487-DEA0-
A719DF2D92E9}
obj[31]=RegKey : Drive.UploadROAM
obj[32]=RegKey : Drive.UploadROAM.1
obj[33]=RegKey : Each.TheBend
obj[34]=RegKey : Each.TheBend.1
obj[35]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{D26FC04F-2F0A-9487-DEA0-A719DF2D92E9}
obj[36]=RegValue : SOFTWARE\Microsoft\Internet
Explorer\Toolbar
obj[264]=File : c:\progra~1\softexit\about1.dll
obj[265]=File : c:\documents and settings\bill
gildart\application data\xthgltco.exe
obj[266]=File : c:\documents and settings\bill
gildart\local settings\temp\bkm1.exe
obj[267]=File : c:\documents and settings\bill
gildart\local settings\temp\bsd1.exe
obj[268]=File : c:\documents and settings\bill
gildart\local settings\temp\eom1.exe
obj[269]=File : c:\documents and settings\bill
gildart\local settings\temp\fqp4.exe
obj[270]=File : c:\documents and settings\bill
gildart\local settings\temp\guc1.exe
obj[271]=File : c:\documents and settings\bill
gildart\local settings\temp\hup2.exe
obj[272]=File : c:\documents and settings\bill
gildart\local settings\temp\iiw1.exe
obj[273]=File : c:\documents and settings\bill
gildart\local settings\temp\ipw1.exe
obj[274]=File : c:\documents and settings\bill
gildart\local settings\temp\nah1.exe
obj[275]=File : c:\documents and settings\bill
gildart\local settings\temp\ohl1.exe
obj[276]=File : c:\documents and settings\bill
gildart\local settings\temp\ohr1.exe
obj[277]=File : c:\documents and settings\bill
gildart\local settings\temp\quw1.exe
obj[278]=File : c:\documents and settings\bill
gildart\local settings\temp\rem2.exe
obj[279]=File : c:\documents and settings\bill
gildart\local settings\temp\rem9.exe
obj[280]=File : c:\documents and settings\bill
gildart\local settings\temp\rema.exe
obj[281]=File : c:\documents and settings\bill
gildart\local settings\temp\remb.exe
obj[282]=File : c:\documents and settings\bill
gildart\local settings\temp\remc.exe
obj[283]=File : c:\documents and settings\bill
gildart\local settings\temp\sbo1.exe
obj[284]=File : c:\documents and settings\bill
gildart\local settings\temp\urc1.exe
obj[285]=File : c:\documents and settings\bill
gildart\local settings\temp\uua1.exe
obj[286]=File : c:\documents and settings\bill
gildart\local settings\temp\ydi1.exe
obj[287]=File : c:\program files\softexit\about1.dll
obj[288]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011845.dll
obj[289]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012696.exe
ISTBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[37]=RegValue : Software\Microsoft\Internet
Explorer\Toolbar\WebBrowser
IBIS TOOLBAR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[38]=RegKey : SOFTWARE\Microsoft\Code Store
Database\Distribution Units\{26E8361F-BCE7-4F75-A347-
98C88B418322}
obj[39]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HAUTO_
UNINSTALL
obj[290]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009961.dll
HELPEXPRESS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[40]=RegKey : SOFTWARE\Alset\HX
obj[41]=RegKey : Software\Alset\HX\HXDL
obj[42]=RegKey : Software\Alset\HX\HXIUL
obj[43]=RegKey : Software\Alset
obj[44]=RegKey : SOFTWARE\Alset
obj[45]=RegValue :
Software\Microsoft\Windows\CurrentVersion\Run
obj[291]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010263.exe
obj[292]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012592.exe
obj[293]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012596.exe
obj[294]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012685.exe
EUNIVERSE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[46]=RegKey : bho.incredifindbho
obj[47]=RegKey : bho.incredifindbho.1
obj[48]=RegKey : CLSID\{5d60ff48-95be-4956-b4c6-
6bb168a70310}
obj[49]=RegKey : Interface\{8B8F6968-2F24-41E3-B653-
E9613226F14D}
obj[50]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5d60ff48-95be-4956-b4c6-6bb168a70310}
obj[51]=RegKey : TYPELIB\{de289bfa-737b-4abb-a4ec-
f8753551b875}
obj[52]=RegKey : SOFTWARE\IncrediFind
obj[53]=RegKey : SOFTWARE\updater
obj[54]=RegKey : Software\Visicom Media
obj[55]=RegKey : SOFTWARE\{F08555AF-9CC3-11D2-AA8E-
000000000000}
obj[56]=Folder : c:\program files\Dynamic Toolbar
obj[295]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009957.exe
obj[296]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011321.exe
obj[297]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012635.exe
obj[298]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012640.exe
obj[299]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012679.exe
obj[300]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012680.exe
obj[301]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012681.exe
obj[302]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012692.dll
obj[303]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012693.dll
obj[304]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012697.dll
obj[305]=File : c:\program files\dynamic toolbar\pwrswmda
obj[306]=File : c:\program files\dynamic toolbar\wzhelper
obj[307]=File : c:\docume~1\billgi~1\locals~1
\temp\incredifindbholog.tmp
obj[308]=File : c:\temp\eunivbholog.tmp
CLIPGENIE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[57]=RegKey : Software\ClipGenie
obj[58]=RegKey : Software\TrayNotifier\ClipGenie
obj[59]=RegKey : SOFTWARE\TrayNotifier\ClipGenie
obj[322]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010054.exe
obj[323]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp135\a0010057.exe
obj[324]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010116.exe
CLEARSEARCH
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[60]=RegValue : Software\Microsoft\Internet
Explorer\URLSearchHooks
obj[325]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009552.exe
obj[326]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011311.exe
obj[327]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011314.exe
obj[328]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011407.exe
obj[329]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011408.exe
CLARIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[61]=RegKey : CLSID\{dbae7000-01ec-4162-8feb-
8a27ac937ca0}
obj[62]=RegKey : hdplugin.hdpluginctrl
obj[63]=RegKey : hdplugin.hdpluginctrl.1
obj[64]=RegKey : TYPELIB\{2ec7a834-9c5e-4154-badc-
0d86a2edc82d}
obj[65]=RegKey : Interface\{22D34833-06F9-4CE6-9FF7-
CE4DA0BA351D}
obj[330]=File : c:\windows\downloaded program
files\hdplugin1014.dll
obj[331]=File : c:\windows\downloaded program
files\hdplugin1014.inf
obj[332]=File : c:\windows\downloaded program
files\hdplugin1015.dll
obj[333]=File : c:\windows\downloaded program
files\hdplugin1015.inf
obj[334]=File : c:\documents and settings\all users\start
menu\programs\startup\gstartup.lnk
ADROTATOR
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[66]=RegKey : AdRotator.Application
obj[67]=RegKey : CLSID\{34EF5B1C-52CB-400b-8B7C-
F787018B3826}
obj[68]=RegKey : CLSID\{3E7145B1-EA07-42CE-9299-
11DF39FF54BD}
obj[69]=RegKey : CLSID\{5074851C-F67A-488E-A9C9-
C244573F4068}
obj[70]=RegKey : defaultsearch.seekseek
obj[71]=RegKey : defaultsearch.seekseek.1
obj[72]=RegKey : Interface\{39341EB6-C340-4F68-AB9D-
EE4917309828}
obj[73]=RegKey : Interface\{E9D8697E-BEA9-4170-84F3-
509AD2A11951}
obj[74]=RegKey :
SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser
Helper Objects\{5074851C-F67A-488E-A9C9-C244573F4068}
obj[75]=RegKey : SOFTWARE\Mwsvm
obj[76]=RegKey : SOFTWARE\slmss
obj[77]=RegKey : TypeLib\{3CD9D85E-1FF2-4BF7-A113-
6669B8D1E676}
obj[78]=RegKey : TYPELIB\{eac42c32-1fe3-4fd0-9f27-
e7f9ccf5fcd9}
obj[79]=RegKey : urllauncher.urllaunchercontrol
obj[80]=RegKey : urllauncher.urllaunchercontrol.1
obj[81]=Folder : c:\program files\common files\Slmss
obj[338]=File : c:\program files\common
files\slmss\slmss.exe
obj[339]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009503.exe
obj[340]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010290.ocx
obj[341]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010291.exe
obj[342]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011316.exe
obj[343]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011410.exe
obj[344]=File : c:\windows\ieasst.dll
obj[345]=File : c:\windows\mwsvm.bin
obj[346]=File : c:\windows\urls.bin
obj[347]=File : c:\windows\vurls.bin
obj[348]=File : c:\windows\mwsvm.dat
obj[349]=File : c:\windows\mwsvm.exe
obj[350]=File : c:\windows\mwsvm.ocx
obj[351]=File : c:\windows\vs.bin
ADDESTROYER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[82]=RegKey : software\vb and vba program
settings\addestroyer
180SOLUTIONS
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[83]=RegKey : Interface\{8DD50C56-8A07-40B9-98C4-
3F169E3AE28E}
obj[84]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.1/nCaseInstaller.dll
obj[85]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.1/nCASELib.dll
obj[86]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.2/nCaseInstaller.dll
obj[87]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.2/nCASELib.dll
obj[88]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program
Files/CONFLICT.3/nCaseInstaller.dll
obj[89]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/CONFLICT.3/nCASELib.dll
obj[90]=RegKey :
Software\microsoft\windows\currentversion\moduleusage\C:/W
INDOWS/Downloaded Program Files/nCASELib.dll
obj[91]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[92]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[93]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[94]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[95]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[96]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[97]=RegValue :
Software\Microsoft\Windows\CurrentVersion\SharedDLLs
obj[354]=File : c:\windows\downloaded program
files\conflict.1\ncaseinstaller.dll
obj[355]=File : c:\windows\downloaded program
files\conflict.1\ncaselib.dll
obj[356]=File : c:\windows\downloaded program
files\conflict.2\ncaseinstaller.dll
obj[357]=File : c:\windows\downloaded program
files\conflict.2\ncaselib.dll
obj[358]=File : c:\windows\downloaded program
files\conflict.3\ncaseinstaller.dll
obj[359]=File : c:\windows\downloaded program
files\conflict.3\ncaselib.dll
obj[360]=File : c:\windows\downloaded program
files\ncaselib.dll
obj[361]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011315.exe
obj[362]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011409.exe
obj[363]=File : c:\windows\system32\iefeatures.exe
WIN32.WELCHIA
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[102]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009499.exe
obj[103]=File : c:\windows\system32\wins\svchost.exe
WHENU
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[143]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011422.exe
STATBLASTER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[186]=File : c:\program
files\media\media\updatestats.exe
SECONDTHOUGHT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[187]=File : c:\windows\downloaded program
files\conflict.1\install.exe
obj[188]=File : c:\windows\downloaded program
files\conflict.2\install.exe
obj[189]=File : c:\windows\downloaded program
files\conflict.3\install.exe
obj[190]=File : c:\windows\downloaded program
files\install.exe
obj[191]=File : c:\windows\system32\idleui.dll
obj[192]=File : c:\windows\system32\stcloader.exe
SEARCHCENTRIX
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[193]=File : c:\windows\system32\barbho.dll
SAHAGENT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[194]=File : c:\windows\downloaded program
files\lsp_.dll
obj[195]=File : c:\windows\downloaded program
files\sahagent_.exe
obj[196]=File : c:\windows\downloaded program
files\sahdownloader_.exe
obj[197]=File : c:\windows\downloaded program
files\sahhtml_.exe
obj[198]=File : c:\windows\downloaded program
files\sahuninstall_.exe
obj[199]=File : c:\windows\system32\sahagent.exe
obj[200]=File : c:\windows\system32\sahagent1008.exe
obj[201]=File : c:\windows\system32\sahhtml.exe
RADS01.QUADROGRAM
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[202]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008137.exe
obj[203]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008151.exe
obj[204]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008174.exe
obj[205]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008193.exe
obj[206]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008336.exe
obj[207]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008351.exe
obj[208]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008377.exe
obj[209]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009368.exe
obj[210]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0009385.exe
obj[211]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009414.exe
obj[212]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp119\a0009438.exe
obj[213]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009465.exe
obj[214]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009484.exe
obj[215]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp124\a0009511.exe
obj[216]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009525.exe
obj[217]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009542.exe
obj[218]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp125\a0009576.exe
obj[219]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp126\a0009614.exe
obj[220]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp127\a0009631.exe
obj[221]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009681.exe
obj[222]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp128\a0009718.exe
obj[223]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009929.exe
obj[224]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0009972.exe
obj[225]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010011.exe
obj[226]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010076.exe
obj[227]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010106.exe
obj[228]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp136\a0010152.exe
obj[229]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010248.exe
obj[230]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp139\a0010284.exe
obj[231]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011291.exe
obj[232]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp140\a0011338.exe
obj[233]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp144\a0011388.exe
obj[234]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011455.exe
obj[235]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp146\a0011492.exe
obj[236]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp147\a0011535.exe
obj[237]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011643.exe
obj[238]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp149\a0011677.exe
obj[239]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp152\a0011742.exe
obj[240]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp153\a0011758.exe
obj[241]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011788.exe
obj[242]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011814.exe
obj[243]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011838.exe
obj[244]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012073.exe
obj[245]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012209.exe
obj[246]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012224.exe
obj[247]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012248.exe
obj[248]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012264.exe
obj[249]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0012297.exe
obj[250]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp155\a0012331.exe
obj[251]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012496.exe
obj[252]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp156\a0012510.exe
obj[253]=File : c:\windows\emsw.exe
DOWNLOADWARE
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[309]=File : c:\documents and settings\bill
gildart\local settings\temp\ins282.tmp
obj[310]=File : c:\documents and settings\bill
gildart\local settings\temp\ins6f.tmp
obj[311]=File : c:\windows\digital signature 20031112.htm
obj[312]=File : c:\windows\digital signature 20031118.htm
obj[313]=File : c:\windows\digital signature 20031204.htm
obj[314]=File : c:\windows\digital signature 20031205.htm
obj[315]=File : c:\windows\digital signature 20031209.htm
obj[316]=File : c:\windows\digital signature 20031211.htm
obj[317]=File : c:\windows\digital signature 20031212.htm
obj[318]=File : c:\windows\digital signature 20031213.htm
obj[319]=File : c:\windows\digital signature 20031216.htm
obj[320]=File : c:\windows\digital signature 20040115.htm
obj[321]=File : c:\windows\digital signature 20040121.htm
ADSINCONTEXT
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[335]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp118\a0008180.exe
obj[336]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp134\a0010028.dll
obj[337]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp145\a0011467.exe
ADPARTNER
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
obj[352]=File : c:\system volume information\_restore
{987e0331-0f01-427c-a58a-7a2e4aabf84d}\rp154\a0011778.dll
obj[353]=File : c:\windows\system32\aplsp.dll