Full Version: Having issues with Winik.sys
Mike Black
I've been pulling up Winik.sys in my Avast! scans for a while now, and have since been unable to remove it. I found this forum and followed the steps in this thread here.

But I am still unsure of whether or not I have removed the file, and decided to ask you guys for help. (As this forum is the first to pop up every time I do a search for viruses or spyware when I'm at work. Your threads are most often used for me to direct people in the right direction.)

Followed the steps in the above thread, re-ran HijackThis and saved the following logfile:

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 5:47:30 PM, on 6/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\NETGEAR WG311v2 Adapter\wlancfg5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\hijackthis\HijackThis.exe

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4614-B050-70AD4427FCDB} - C:\Program Files\z16af6uy\z16af6uy.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0A316A7C-0717-421B-9EBE-B9E1539E71F6} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [fwVJS9Ew] C:\PROGRA~1\tqrrutrp\REwDAchN.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fbfxsf] C:\WINDOWS\system32\bzarleu.exe r
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mike\Desktop\HijackThis.exe /startupscan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: (I-- The nicest hobby on Earth ;) --Eng) - Unknown owner - C:\WINDOWS\.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
LoPhatPhuud
You have a mess there, and no sign of Winik, but let's get started, this will take a few steps...


PLEASE READ AND FOLLOW THESE INSTRUCTIONS CAREFULLY; YOU MAY WANT TO PRINT OR SAVE THESE INSTRUCTIONS LOCALLY BEFORE STARTING.

1. Please download, install, and update the free version of Ewido Security Suite:
  1. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  2. From the main ewido screen, click on update in the left menu, then click the Start update button.
  3. After the update finishes (the status bar at the bottom will display "Update successful")
  4. Exit Ewido. DO NOT scan yet.
Download CCleaner and install, but do not run it yet.

2. Please download this revised installer for the Nailfix utility.
DO NOT run it yet.
Alternate download links here:
http://www.spywareedge.net/nf/nailfix.exe
http://www.spywareaid.com/index.php?file=s...mp;softtype=exe


3. Reboot to Safe Mode
How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

4. Once in Safe Mode, please double-click on nailfix.exe. Click "Next" in the setup, then make sure "Run Nailfix" is checked and click "Finish". Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

5. Next, run Ewido again.
  1. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  2. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL, pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. We'll see that in the log you will post later and let you know if ewido needs to be run again.
  3. When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.
Then run HijackThis, click Scan, and place a checkmark by the following items (if found):

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {00000000-0000-4614-B050-70AD4427FCDB} - C:\Program Files\z16af6uy\z16af6uy.dll
O2 - BHO: (no name) - {0A316A7C-0717-421B-9EBE-B9E1539E71F6} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: BestOffers Shopping BHO - {F5DE8ADB-4A69-4e56-96AB-823171C8E9D8} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)

O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [fwVJS9Ew] C:\PROGRA~1\tqrrutrp\REwDAchN.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [fbfxsf] C:\WINDOWS\system32\bzarleu.exe r
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>

O23 - Service: (ISEXEng) - Unknown owner - C:\WINDOWS\.exe (file missing)


Close all open windows except for HijackThis and click Fix Checked. Note that the O4 entry may have changed names if you have rebooted since posting the log; look for an entry with a similar format, that will always end in a single letter r.

Locate and delete the following File in BOLD:
c:\windows\system32\random.exe (or whatever the name may have changed to, as noted above).

6. Now, run CCleaner.
  1. Uncheck "Cookies" under "Internet Explorer".
  2. If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".
  3. Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.
Finally, restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
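
An added example, not part of the original posts and not how HijackThis or the helper decides anything: a small Python triage pass over HijackThis log lines that surfaces the kinds of entries singled out in the fix list above (altered shell value, Run value names made of HTML markup, a Run command ending in a single letter, targets missing from disk). The hint rules and the names `triage`, `hints_for` and `parse_run` are assumptions for illustration, the hints are prompts for a human reviewer rather than removal decisions, and the sample lines are constructed from the first log in this thread with the ad URL replaced by a placeholder host.

```python
import re

# Constructed sample: entries taken from the first log in this thread; the
# iframe entry is shortened and its URL replaced with a placeholder host.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: BestOffers Shopping v1.20 - {7FD44536-9DF0-4034-939F-5BD4D98E3187} - C:\Program Files\TBONAS\TBONlchr.dll (file missing)
O4 - HKLM\..\Run: [<noscript><iframe src="http://ads.example.invalid/a?rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe src="http://ads.example.invalid/a?rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [fbfxsf] C:\WINDOWS\system32\bzarleu.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# The Run value name sits in [...] and may itself contain "]" (as in
# "[RAND]"), so the name is taken to end at the first "] " (bracket + space).
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[(.*?)\] (.*)$")


def parse_run(rest):
    """Split an O4 entry into hive, key, value name and command, or None."""
    m = RUN_RE.match(rest)
    if not m:
        return None
    hive, key, name, command = m.groups()
    return {"hive": hive, "key": key, "name": name, "command": command}


def hints_for(code, rest):
    """Return review hints for one entry (illustrative rules, not verdicts)."""
    hints = []
    # HijackThis itself annotates entries whose target is absent.
    if "(file missing)" in rest or "(no file)" in rest:
        hints.append("target file not on disk")
    if code == "F2":
        # The stock Windows shell value is just Explorer.exe.
        m = re.search(r"Shell=(.*)$", rest)
        if m and m.group(1).strip().lower() != "explorer.exe":
            hints.append("shell value is not plain Explorer.exe")
    if code == "O4":
        run = parse_run(rest)
        if run:
            if "<" in run["name"] or "document.write" in run["name"]:
                hints.append("Run value name contains HTML/script markup")
            # Pattern the helper describes: an .exe followed by one letter.
            if re.search(r"\.exe [A-Za-z]$", run["command"], re.I):
                hints.append("command ends in a single-letter argument")
    return hints


def triage(log_text):
    """Return the entries that carry at least one hint, in log order."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header lines and the running-process list
        code, rest = m.groups()
        hints = hints_for(code, rest)
        if hints:
            results.append({"code": code, "entry": rest, "hints": hints})
    return results


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit["code"], "|", "; ".join(hit["hints"]), "|", hit["entry"][:70])
```
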
Mike Black
Thanks a ton.

I got the following errors from HijackThis! when cleaning in safe mode:

Error #52 In Sub GetLong Path (></Frame');.exe
Error #52 In Sub GetLong Path (></iLayer');.exe
Error #52 In Sub GetLong Path (></Frame></noscript>.exe)


This is when I tried to remove the "O4 files" (listed 1-3), and the entry for REwDAchN.exe.

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 5:37:07 PM, on 6/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKLM\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKLM\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKLM\..\Run: [fwVJS9Ew] C:\PROGRA~1\tqrrutrp\REwDAchN.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



Broke it up into two posts...
Mike Black
PT 2.

QUOTE
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:17:07 PM 6/30/2006

+ Scan result:



HKLM\SYSTEM\CurrentControlSet\Services\I-- The nicest hobby on Earth ;) --Eng -> Adware.BargainBuddy : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\I-- The nicest hobby on Earth ;) --Eng\Enum -> Adware.BargainBuddy : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\I-- The nicest hobby on Earth ;) --Eng\Security -> Adware.BargainBuddy : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051214234801.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215060353.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215070107.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215100106.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215160112.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215161614.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215164617.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215180139.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215184109.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215191029.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215201028.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051215204252.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216050105.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216062859.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216101359.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216111359.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216142858.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216181409.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216182908.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216184418.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216192910.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216194419.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216195924.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216201407.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216202906.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216204409.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216211410.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216214412.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051216215857.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220000305.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220001805.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220003305.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220050015.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220055701.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220062657.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220114158.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220141157.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220162658.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220165729.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220171204.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220172658.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220184211.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220191207.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220194201.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220201157.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220202657.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220205658.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051220212312.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051221050108.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051221052434.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051221055447.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051221062431.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222050059.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222051831.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222054914.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222114858.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222163340.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222164843.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222171913.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222174844.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222190356.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222191857.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222194859.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222201858.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222204854.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222214844.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222223421.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222224901.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222230440.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051222231843.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051223050045.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051223164313.zip/WINDOWS/Nail.exe -> Adware.BetterInternet : No action taken.
C:\WINDOWS\dsr.dll -> Adware.BetterInternet : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051214214805.zip/Program Files/windowssa/update/omnisetup.exe/axuninstall.exe -> Adware.BlazeFind : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051214214805.zip/Program Files/windowssa/update/omnisetup.exe/omniband.dll -> Adware.BlazeFind : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051214214805.zip/Program Files/windowssa/update/omnisetup.exe/omniscient.exe -> Adware.BlazeFind : No action taken.
C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\Quarantine\20051214214805.zip/Program Files/windowssa/update/omnisetup.exe/omniscienthook.dll -> Adware.BlazeFind : No action taken.
C:\Program Files\z16af6uy\0tghi6zm.DLL -> Adware.ClearSearch : No action taken.
C:\Program Files\z16af6uy\8p3n73fj.DLL -> Adware.ClearSearch : No action taken.
C:\Program Files\z16af6uy\z16af6uy.dll -> Adware.ClearSearch : No action taken.
C:\Program Files\z16af6uy\z16af6uy1\z16af6uy1.dll -> Adware.ClearSearch : No action taken.
C:\Program Files\z16af6uy\zop5v8ho.DLL -> Adware.ClearSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Adware.CommonName : No action taken.
LoPhatPhuud
OK, let's go after the winik infection, then we'll manually remove those garbage registry entries.

You may want to copy these directions to notepad for easy reference.


You will be restarting into Safe mode later. Here's help if you need it.

To use the F8 key to start Windows XP in Safe mode
Restart the computer.
Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening.
As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears.
If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again.
Using the arrow keys on the keyboard, select Safe mode and then press Enter.


First:
Download the zip file attached to this post.

Create a new folder on your desktop and name it Clean Winik
Save the attachment, and then Extract the vbs it contains to the Clean Winik folder you just created.


Do nothing with it now. You'll use it later.


Second:
Copy the contents of the code box to Notepad.
Name the file go.bat
Save as Type: All files

CODE
Echo REGEDIT4>step1.reg
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] >>step1.reg

regedit /a /e /s  step2.reg HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Copy step1.reg + step2.reg %SystemDrive%\step1.reg

Reg Add HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ugly
Reg Save  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ugly ugly.hiv

Reg Restore HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinIK ugly.hiv

Reg Delete HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ugly /f


Sign off the internet.

Double click on go.bat and let it run.

Immediately restart into Safe mode.
Go to Start -> Run and paste in this command. Then press enter:

%SystemDrive%\step1.reg

Say yes to the prompt.


Third:
Delete this file:
C:\windows\system32\drivers\winik.sys

Delete this folder:
C:\PROGRA~1\tqrrutrp\

Restart into regular windows.


Fourth:
Open the Clean Winik folder you created earlier.
Wait for the minute to turn over in the systray clock and double click on Delete Winik with System priv.vbs
Wait for a minute or so. When it finishes, results.txt will open.

Please post the contents of results.txt into your next reply.

** IF you get a warning about a malicious script running, please ignore it and allow this to run. I wrote it and it is just going to delete the Winik keys from your registry.


Fifth:
Go to Start -> run and type cmd.exe, then press 'Enter'

When the command window opens, copy this command and then right click in the command window and click paste on the menu. Press enter. This is going to list the names of all folders in your Program Files directory.
cd %ProgramFiles% & Dir /aD >> folders.txt & start notepad folders.txt


When finished, this will open a file named folders.txt

Please post the contents of folders.txt into your next reply here.


Sixth:

Open regedit (Start -> Run -> Regedit)

In the left hand pane, navigate to this key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Click on the '+' sign to the left of the Run folder

In the right hand pane, scroll down until you find each of those garbage entries. Right click on each one and select delete.

When finished, exit regedit.


Last:
Run HiJackThis again and post a new log in this thread.
Mike Black
It's a beautiful thing not to see Winik.sys sitting at the bottom of the screen on a Safe Mode boot....

Results.txt:

QUOTE
Working on HKLM\Select ,Current
Deleting HKLM\System\CurrentControlSet\Enum\Root\LEGACY_WINIK

The operation completed successfully
.
Deleting HKLM\System\CurrentControlSet\Services\Winik

The operation completed successfully
~~~~~~~~~~
Working on HKLM\Select ,Default
Deleting HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_WINIK

Error: The system was unable to find the specified registry key or value
.
Deleting HKLM\SYSTEM\ControlSet001\Services\Winik

Error: The system was unable to find the specified registry key or value
~~~~~~~~~~
Working on HKLM\Select ,Failed
Deleting HKLM\SYSTEM\ControlSet000\Enum\Root\LEGACY_WINIK

Error: The system was unable to find the specified registry key or value
.
Deleting HKLM\SYSTEM\ControlSet000\Services\Winik

Error: The system was unable to find the specified registry key or value
~~~~~~~~~~
Working on HKLM\Select ,LastKnownGood
Deleting HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_WINIK

The operation completed successfully
.
Deleting HKLM\SYSTEM\ControlSet003\Services\Winik

The operation completed successfully
~~~~~~~~~~


Folders.txt

QUOTE
Volume in drive C has no label.
Volume Serial Number is D89B-82FA

Directory of C:\Program Files

07/02/2006 05:17 PM <DIR> .
07/02/2006 05:17 PM <DIR> ..
12/30/2003 12:57 AM <DIR> Adobe
10/11/2004 08:44 PM <DIR> AFFVC
03/14/2006 05:46 PM <DIR> Alwil Software
12/04/2003 01:55 AM <DIR> AOD
02/04/2006 02:51 PM <DIR> AOL
06/27/2006 09:20 PM <DIR> AviSynth 2.5
04/19/2006 10:23 PM <DIR> BitComet
04/15/2006 05:39 PM <DIR> BitTorrent
06/30/2006 03:10 PM <DIR> CCleaner
06/30/2005 11:50 AM <DIR> CDisplay
03/29/2006 01:21 AM <DIR> Common Files
11/04/2003 02:08 AM <DIR> Creative
07/30/2004 06:32 PM <DIR> directx
11/12/2005 07:51 PM <DIR> DivX
11/08/2003 07:56 PM <DIR> DVD
07/30/2004 07:41 PM <DIR> EA GAMES
06/30/2006 05:17 PM <DIR> EbatesMoeMoneyMaker4
07/02/2006 12:09 PM <DIR> ewido anti-spyware 4.0
03/05/2006 09:24 PM <DIR> Firaxis Games
01/01/2006 09:04 PM <DIR> FTP Explorer
11/04/2003 02:05 AM <DIR> Gateway
11/12/2005 07:55 PM <DIR> Google
06/30/2006 05:37 PM <DIR> hijackthis
03/14/2006 06:12 PM <DIR> InstallShield Installation Information
04/20/2004 12:02 AM <DIR> InterActual
04/10/2006 04:55 PM <DIR> Internet Explorer
06/27/2006 05:38 PM <DIR> iPod
06/09/2006 03:12 AM <DIR> iTunes
02/17/2005 03:45 PM <DIR> Java
05/10/2006 11:52 AM <DIR> Lavasoft
03/05/2006 09:11 PM <DIR> LimeWire
04/26/2004 02:49 PM <DIR> LitexMedia
11/26/2003 07:08 PM <DIR> Mediafour
04/10/2006 04:55 PM <DIR> Messenger
02/24/2004 04:26 PM <DIR> Microsoft ActiveSync
11/04/2003 01:51 AM <DIR> microsoft frontpage
02/24/2004 04:26 PM <DIR> Microsoft Office
02/24/2004 04:28 PM <DIR> Microsoft Works
02/24/2004 04:19 PM <DIR> Microsoft Works Suite 2002
04/10/2006 04:55 PM <DIR> Movie Maker
05/17/2006 07:36 PM <DIR> Mozilla Firefox
03/05/2006 09:14 PM <DIR> Mozilla Thunderbird
11/04/2003 01:48 AM <DIR> MSN
11/04/2003 01:48 AM <DIR> MSN Gaming Zone
03/19/2006 07:30 PM <DIR> MSN Messenger
05/16/2006 03:47 PM <DIR> MsnMusic
12/20/2005 10:46 PM <DIR> MyWay
11/27/2004 06:00 PM <DIR> NETGEAR WG311v2 Adapter
04/10/2006 04:51 PM <DIR> NetMeeting
11/04/2003 01:50 AM <DIR> Online Services
04/10/2006 04:51 PM <DIR> Outlook Express
05/27/2005 01:55 AM <DIR> Poker Shootout
06/21/2006 06:00 PM <DIR> PokerShootout
03/05/2006 09:17 PM <DIR> Pure Networks
03/14/2006 06:12 PM <DIR> QuickTime
11/26/2003 07:24 PM <DIR> Red Chair Software
07/01/2006 08:37 PM <DIR> Soulseek
06/30/2006 05:17 PM <DIR> spvqtuqsx
04/06/2006 05:01 PM <DIR> Spybot
02/14/2006 10:37 PM <DIR> Symantec
06/30/2006 10:04 PM <DIR> Trillian
12/28/2005 10:40 PM <DIR> TryMedia
02/04/2006 02:51 PM <DIR> Uninstall Information
06/27/2006 09:20 PM <DIR> VideoraiPodConverter
02/14/2006 10:08 PM <DIR> Viewpoint
02/22/2005 02:49 AM <DIR> vouwxux
05/16/2006 03:47 PM <DIR> Windows Media Player
04/10/2006 04:51 PM <DIR> Windows NT
11/20/2004 05:27 PM <DIR> WindowsUpdate
06/27/2006 09:06 PM <DIR> WinXMedia
09/26/2004 04:09 PM <DIR> WinZip
03/29/2006 04:32 AM <DIR> World of Warcraft
02/22/2005 02:49 AM <DIR> wtssrqssrv
02/22/2005 02:49 AM <DIR> wtsssuxsxx
02/22/2005 02:49 AM <DIR> wtssupsrpr
02/22/2005 02:49 AM <DIR> wtssvtxvsx
02/22/2005 02:49 AM <DIR> wtssxoqxxx
02/22/2005 02:49 AM <DIR> wtstotpuwv
02/22/2005 02:49 AM <DIR> wtstqotrvt
02/22/2005 02:49 AM <DIR> wtstrsxqpx
02/22/2005 02:49 AM <DIR> wtstsxsqwp
02/22/2005 02:49 AM <DIR> wtsturwvwp
02/22/2005 02:49 AM <DIR> wtstvwrxux
02/22/2005 02:49 AM <DIR> wtstxqwtxr
02/22/2005 02:49 AM <DIR> wtsuovsrvt
02/22/2005 02:49 AM <DIR> wtsuqqosux
02/22/2005 02:49 AM <DIR> wtsurutvsx
02/22/2005 02:49 AM <DIR> wtsutporvt
02/22/2005 02:49 AM <DIR> wtsuutxuqt
02/22/2005 02:49 AM <DIR> wtsuwoqpwv
02/22/2005 02:49 AM <DIR> wtsuxsxvpx
02/22/2005 02:49 AM <DIR> wtsvoxrvwp
02/22/2005 02:49 AM <DIR> wtsvqrvqpx
02/22/2005 02:49 AM <DIR> wtsvrvxuqt
02/22/2005 02:49 AM <DIR> wtsvtqrqwp
02/22/2005 02:49 AM <DIR> wtsvuuvvwp
02/22/2005 02:49 AM <DIR> wtsvwpoxrv
02/22/2005 02:49 AM <DIR> wtsvxttsxx
02/22/2005 02:49 AM <DIR> wtswpotqpx
02/22/2005 02:49 AM <DIR> wtswqtovsx
02/22/2005 02:49 AM <DIR> wtswsoqqwp
02/22/2005 02:49 AM <DIR> wtswttowpr
02/22/2005 02:49 AM <DIR> wtswuxttrp
02/22/2005 02:49 AM <DIR> wtswwrvutv
02/22/2005 02:49 AM <DIR> wtswxwsuwv
02/22/2005 02:49 AM <DIR> wtsxpqvtxr
02/22/2005 02:49 AM <DIR> wtsxqvqtur
02/22/2005 02:48 AM <DIR> wtsxsptwsr
02/22/2005 02:48 AM <DIR> wtsxtvorvt
02/22/2005 02:48 AM <DIR> wtsxvprwvt
02/22/2005 02:48 AM <DIR> wtsxwtvorp
02/22/2005 02:48 AM <DIR> wttoooprpr
02/22/2005 02:48 AM <DIR> wttopsspqt
02/22/2005 02:48 AM <DIR> wttoqxotur
02/22/2005 02:48 AM <DIR> wttosrrqpx
02/22/2005 02:48 AM <DIR> wttotwtpqt
02/22/2005 02:48 AM <DIR> wttovrqqwp
02/22/2005 02:48 AM <DIR> wttowvtutv
02/22/2005 02:48 AM <DIR> wttpoqqsov
02/22/2005 02:48 AM <DIR> wttppuvorp
02/22/2005 02:48 AM <DIR> wttprpqrpr
02/22/2005 02:48 AM <DIR> wttpstuvwp
02/22/2005 02:48 AM <DIR> wttptxvqpx
02/22/2005 02:48 AM <DIR> wttpvrvuqt
02/22/2005 02:48 AM <DIR> wttpwwqpwv
02/22/2005 02:48 AM <DIR> wttqoqurvt
02/22/2005 02:48 AM <DIR> wttqrqouqt
02/22/2005 02:48 AM <DIR> wttqsuuxov
02/22/2005 02:48 AM <DIR> wttqupppqt
02/22/2005 02:48 AM <DIR> wttqvtrxxx
02/22/2005 02:48 AM <DIR> wttqwxwxrv
02/22/2005 02:48 AM <DIR> wttrorxxrv
02/22/2005 02:48 AM <DIR> wttrqpruqt
02/22/2005 02:48 AM <DIR> wttrrtxutv
02/22/2005 02:48 AM <DIR> wttrtorxxx
02/22/2005 02:48 AM <DIR> wttruswwsr
02/22/2005 02:48 AM <DIR> wttrvxtxxx
02/22/2005 02:48 AM <DIR> wttrxsoutv
02/22/2005 02:48 AM <DIR> wttsowqtxr
02/22/2005 02:48 AM <DIR> wttsqquutv
02/22/2005 02:48 AM <DIR> wttsrvpxxx
02/22/2005 02:48 AM <DIR> wttstptorp
02/22/2005 02:48 AM <DIR> wttsuvtpqt
02/22/2005 02:48 AM <DIR> wttswpwrsr
02/22/2005 02:48 AM <DIR> wttsxuporp
02/22/2005 02:48 AM <DIR> wtttpoqxux
02/22/2005 02:48 AM <DIR> wtttqsuwsr
02/22/2005 02:48 AM <DIR> wtttrxqpwv
02/22/2005 02:48 AM <DIR> wttttrtsxx
02/22/2005 02:47 AM <DIR> wtttuvvour
02/22/2005 02:47 AM <DIR> wtttwpvxxx
02/22/2005 02:47 AM <DIR> wtttxtxsov
02/22/2005 02:47 AM <DIR> wttuoxxxov
02/22/2005 02:47 AM <DIR> wttuqspptv
02/22/2005 02:47 AM <DIR> wtturwsuqt
02/22/2005 02:47 AM <DIR> wttutqvpqt
02/22/2005 02:47 AM <DIR> wttuuvoxxx
02/22/2005 02:47 AM <DIR> wttuwprsxx
02/22/2005 02:47 AM <DIR> wttuxtsqpx
02/22/2005 02:47 AM <DIR> wttvoxqvwp
02/22/2005 02:47 AM <DIR> wttvqrqutv
02/22/2005 02:47 AM <DIR> wttvrvtrsr
02/22/2005 02:47 AM <DIR> wttvtpvpwv
02/22/2005 02:47 AM <DIR> wttvutvxxx
02/22/2005 02:47 AM <DIR> wttvwostur
02/22/2005 02:47 AM <DIR> wttvxwqtrp
02/22/2005 02:47 AM <DIR> wttwpqrqwp
02/22/2005 02:47 AM <DIR> wttwqurtxr
02/22/2005 02:47 AM <DIR> wttwsosptv
02/22/2005 02:47 AM <DIR> wttwtsurpr
02/22/2005 02:47 AM <DIR> wttwwsoqsx
02/22/2005 02:47 AM <DIR> wttwxxvwpr
02/22/2005 02:47 AM <DIR> wttxpuxour
02/22/2005 02:47 AM <DIR> wttxrqrqwp
02/22/2005 02:47 AM <DIR> wttxsxxsxx
02/22/2005 02:47 AM <DIR> wttxusowsr
02/22/2005 02:47 AM <DIR> wttxwoxtxr
02/22/2005 02:47 AM <DIR> wttxxtpsxx
02/22/2005 02:47 AM <DIR> wtuopootur
02/22/2005 02:47 AM <DIR> wtuoqrxtrp
02/22/2005 02:47 AM <DIR> wtuorvtsux
02/22/2005 02:47 AM <DIR> wtuotpuqwp
02/22/2005 02:47 AM <DIR> wtuouuvsux
02/22/2005 02:47 AM <DIR> wtuowowrpr
02/22/2005 02:47 AM <DIR> wtuoxtxqsx
02/22/2005 02:47 AM <DIR> wtuptspxxx
02/22/2005 02:47 AM <DIR> wtupvpowpr
02/22/2005 02:47 AM <DIR> wtuqtpxpwv
02/22/2005 02:47 AM <DIR> wtuquxvsov
02/22/2005 02:47 AM <DIR> wtuqwwwrpr
02/22/2005 02:47 AM <DIR> wturqtrour
02/22/2005 02:47 AM <DIR> wturtvsvwp
02/22/2005 02:47 AM <DIR> wturvqwsov
02/22/2005 02:47 AM <DIR> wturwwsvpx
02/22/2005 02:46 AM <DIR> wtusortqpx
02/22/2005 02:46 AM <DIR> wtuspwtuqt
02/22/2005 02:46 AM <DIR> wtusrrrsov
02/22/2005 02:46 AM <DIR> wtussxprpr
02/22/2005 02:46 AM <DIR> wtusuroqpx
02/22/2005 02:46 AM <DIR> wtusvworsr
02/22/2005 02:46 AM <DIR> wtusxqwptv
02/22/2005 02:46 AM <DIR> wtutovrrpr
02/22/2005 02:46 AM <DIR> wtutqpxqpx
02/22/2005 02:46 AM <DIR> wtutrutsov
02/22/2005 02:46 AM <DIR> wtuttpruwv
02/22/2005 02:46 AM <DIR> wtutuuwour
02/22/2005 02:46 AM <DIR> wtutwprrpr
02/22/2005 02:46 AM <DIR> wtutxuqsux
02/22/2005 02:46 AM <DIR> wtuuppporp
02/22/2005 02:46 AM <DIR> wtuuqusutv
02/22/2005 02:46 AM <DIR> wtuusptqwp
02/22/2005 02:46 AM <DIR> wtuutvpoxr
02/22/2005 02:46 AM <DIR> wtuuvqutxr
02/22/2005 02:46 AM <DIR> wtuuwxorpr
02/22/2005 02:46 AM <DIR> wtuvospvsx
02/22/2005 02:46 AM <DIR> wtuvpxrsrv
02/22/2005 02:46 AM <DIR> wtuvrswuqt
02/22/2005 02:46 AM <DIR> wtuvsxxvsx
02/22/2005 02:46 AM <DIR> wtuvurtrpr
02/22/2005 02:46 AM <DIR> wtuvvvoxrv
02/22/2005 02:46 AM <DIR> wtuvxousxx
02/22/2005 02:46 AM <DIR> wtuwosqrpr
02/22/2005 02:46 AM <DIR> wtuwpvwvsx
02/22/2005 02:46 AM <DIR> wtuwrpswvt
02/22/2005 02:46 AM <DIR> wtuwstpuqt
02/22/2005 02:46 AM <DIR> wtuwtwvrsr
02/22/2005 02:46 AM <DIR> wtuwvqqwsr
02/22/2005 02:46 AM <DIR> wtuwwtwxux
02/22/2005 02:46 AM <DIR> wtuwxxtpwv
02/22/2005 02:46 AM <DIR> wtuxprorvt
02/22/2005 02:46 AM <DIR> wtuxqwuutv
02/22/2005 02:46 AM <DIR> wtuxssoqwp
02/22/2005 02:46 AM <DIR> wtuxtxrpwv
02/22/2005 02:46 AM <DIR> wtuxvsvtrp
02/22/2005 02:46 AM <DIR> wtuxwxuutv
02/22/2005 02:46 AM <DIR> wtvootporp
02/22/2005 02:46 AM <DIR> wtvoqorqsx
02/22/2005 02:46 AM <DIR> wtvortttrp
02/22/2005 02:46 AM <DIR> wtvotowoxr
02/22/2005 02:46 AM <DIR> wtvouuqqpx
02/22/2005 02:46 AM <DIR> wtvowptrvt
02/22/2005 02:46 AM <DIR> wtvoxuwour
02/22/2005 02:45 AM <DIR> wtvppqosux
02/22/2005 02:45 AM <DIR> wtvpqvuvpx
02/22/2005 02:45 AM <DIR> wtvpsrqrpr
02/22/2005 02:45 AM <DIR> wtvptwrxxx
02/22/2005 02:45 AM <DIR> wtvpvrttur
02/22/2005 02:45 AM <DIR> wtvpwwvuwv
02/22/2005 02:45 AM <DIR> wtvqoqsptv
02/22/2005 02:45 AM <DIR> wtvqptxrpr
02/22/2005 02:45 AM <DIR> wtvqqxtsov
02/22/2005 02:45 AM <DIR> wtvqsurxov
02/22/2005 02:45 AM <DIR> wtvquosrsr
02/22/2005 02:45 AM <DIR> wtvqvvqptv
02/22/2005 02:45 AM <DIR> wtvqxpotur
02/22/2005 02:45 AM <DIR> wtvrosuorp
02/22/2005 02:45 AM <DIR> wtvrpxrptv
02/22/2005 02:45 AM <DIR> wuppopuqsx
02/22/2005 02:45 AM <DIR> wuppptsptv
02/22/2005 02:45 AM <DIR> wuppqxrrsr
02/22/2005 02:45 AM <DIR> wuppsqxqwp
02/22/2005 02:45 AM <DIR> wupptutorp
02/22/2005 02:45 AM <DIR> wuppvoqorp
02/22/2005 02:45 AM <DIR> wuppwruxov
02/22/2005 02:45 AM <DIR> wuppxwqxxx
02/22/2005 02:45 AM <DIR> wupqpqosux
02/22/2005 02:45 AM <DIR> wupqqtuqsx
02/22/2005 02:45 AM <DIR> wupqsorvwp
02/22/2005 02:45 AM <DIR> wupqtsoptv
02/22/2005 02:45 AM <DIR> wupquvvqsx
02/22/2005 02:45 AM <DIR> wupqwpqrpr
02/22/2005 02:45 AM <DIR> wupqxswqwp
02/22/2005 02:45 AM <DIR> wuproxtvwp
11/04/2003 01:51 AM <DIR> xerox
06/30/2006 05:17 PM <DIR> z16af6uy
0 File(s) 0 bytes
277 Dir(s) 7,914,795,008 bytes free


HijackThis:

QUOTE
Logfile of HijackThis v1.99.1
Scan saved at 5:21:10 PM, on 7/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\SDHelper.dll
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe] c:\WINDOWS\System32\document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe>');
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer] c:\WINDOWS\System32\document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></ilayer>');
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscr] c:\WINDOWS\System32\<noscript><iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0" marginheight="0" src="http://ads.partner2profit.com/abs_adserve.cfm?campaign_id=15780&noscript=1&rand=[RAND]"></iframe></noscript>
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Documents and Settings\Mike\Desktop\HijackThis.exe /startupscan
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {F2B441CC-E026-47fb-BDC3-A07750FA3D2C} - file://C:\Program Files\EbatesMoeMoneyMaker4\ebatessmmm\ebatestmmm\ebmmC0.htm (file missing) (HKCU)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
LoPhatPhuud
OK, that looks good. Now it's just cleanup.

First:
For those 'ugly' registry entries.

Open regedit (Start -> Run -> regedit)

In the left hand pane, navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

In the right hand pane, find the three entries that start:
O4 - HKCU\..\Run: [document.write ('<iframe width="720" height="300" frameborder="0" scrolling="NO" marginwidth="0"
O4 - HKCU\..\Run: [document.write('<ilayer width="720" height="300" left="0" top="0" visibility="SHOW"
O4 - HKCU\..\Run: [<noscript><iframe width="720" height="300" frameborder="0" scrolling

Right click on each entry in turn and select 'Delete' (acknowledge if needed)

Once all three are deleted, exit regedit.


Second:
The directory list from removing Winik shows a lot of folders that seem unnecessary. Here is the list. The first two with the 06/30/2006 date can be deleted. The remainder all begin with wt and, unless you know where they came from, delete them as well.

06/30/2006 05:17 PM <DIR> spvqtuqsx
06/30/2006 05:17 PM <DIR> z16af6uy


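One way to triage a folders.txt listing like the one posted above, as an added example that is not part of the original thread or the helper's tools. It assumes two traits observed in this listing: the random-looking folder names use only the lowercase letters o to x, and anything stamped in the same minute as such a folder deserves a look. The sample input is constructed from a few lines of the listing, and the function names are hypothetical.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the format of `dir /aD` output. A few names are taken
# from the listing in this thread; most of the listing is left out.
SAMPLE_LISTING = """\
 Volume in drive C has no label.
 Directory of C:\\Program Files

07/02/2006 05:17 PM <DIR> .
07/02/2006 05:17 PM <DIR> ..
12/30/2003 12:57 AM <DIR> Adobe
03/14/2006 05:46 PM <DIR> Alwil Software
04/10/2006 04:55 PM <DIR> Internet Explorer
04/10/2006 04:55 PM <DIR> Messenger
06/30/2006 05:17 PM <DIR> EbatesMoeMoneyMaker4
06/30/2006 05:17 PM <DIR> spvqtuqsx
02/22/2005 02:49 AM <DIR> vouwxux
02/22/2005 02:49 AM <DIR> wtssrqssrv
02/22/2005 02:49 AM <DIR> wtsssuxsxx
02/22/2005 02:48 AM <DIR> wtsxsptwsr
11/04/2003 01:51 AM <DIR> xerox
06/30/2006 05:17 PM <DIR> z16af6uy
 0 File(s) 0 bytes
"""

# One directory row: date, 12-hour time, the <DIR> marker, then the name
# (which may contain spaces).
DIR_LINE = re.compile(
    r"^\s*(\d{2}/\d{2}/\d{4})\s+(\d{1,2}:\d{2}\s[AP]M)\s+<DIR>\s+(.+?)\s*$"
)

# Assumption drawn from this listing: the generated names are at least six
# characters long and use only the letters o..x. Ordinary words can match too,
# so a hit is a candidate for review, not a verdict.
GENERATED_NAME = re.compile(r"[o-x]{6,}")


def parse_dir_listing(text):
    """Return (timestamp, name) pairs for every directory row in the listing."""
    entries = []
    for line in text.splitlines():
        match = DIR_LINE.match(line)
        if not match:
            continue  # volume header, blank line or summary row
        date_part, time_part, name = match.groups()
        if name in (".", ".."):
            continue
        stamp = datetime.strptime(f"{date_part} {time_part}", "%m/%d/%Y %I:%M %p")
        entries.append((stamp, name))
    return entries


def is_generated_name(name):
    """True when the whole name is built from the o..x alphabet."""
    return GENERATED_NAME.fullmatch(name) is not None


def triage(entries):
    """Split the listing into generated-looking names and their time neighbours.

    generated   - names matching the o..x pattern
    bursts      - how many generated names share each minute-resolution stamp
    same_minute - other folders stamped in the same minute as a generated one
    """
    generated = [name for _, name in entries if is_generated_name(name)]
    bursts = Counter(stamp for stamp, name in entries if is_generated_name(name))
    same_minute = [
        name
        for stamp, name in entries
        if stamp in bursts and not is_generated_name(name)
    ]
    return {"generated": generated, "bursts": dict(bursts), "same_minute": same_minute}


if __name__ == "__main__":
    report = triage(parse_dir_listing(SAMPLE_LISTING))
    print("Generated-looking names:", ", ".join(report["generated"]))
    for stamp, count in sorted(report["bursts"].items()):
        print(f"  {stamp:%Y-%m-%d %H:%M}  {count} folder(s)")
    print("Same-minute neighbours to review:", ", ".join(report["same_minute"]))
```

The timestamp shown by a plain `dir /aD` is the last-modified time; `dir /aD /TC` lists creation time instead, which is the better field for this kind of correlation.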
Mike Black
All cleaned out, no more pop-ups.

Noticing, though, that one of my symptoms ("skipping" in Windows, usually when running Firefox and iTunes, both resource hogs, I know) is still present, though much less so. I plan on doing maintenance (cleanup, defrag, another spyware scan, check processes, etc.), but is this related to Winik?

Thanks again!
LoPhatPhuud
No, those symptom(s) would not be related to Winik.

A defrag, chkdsk, temp cleanup, etc will help.

Now, unless there are still issues not reflected in your log(s), your system is clean and we are finished. Here are some simple steps you can take to reduce the chance of infection in the future.

1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and Internet Explorer. This includes SP1 and SP2 if you use Windows XP. The first defense against infection is a properly patched Operating System.
a. Windows Update: http://windowsupdate.microsoft.com/

If you have Word, Excel, Outlook or other Office programs installed, consider using Microsoft Update instead of Windows Update. See the FAQ page here for more information: http://update.microsoft.com/microsoftupdat...t.aspx?ln=en-us

Also, download and install Microsoft Baseline Analyzer. (Note that MBSA is only for Win 2000 SP3 or later and Office XP or later.) When run, it will check the system for security exposures, including missing updates. I suggest running it weekly. You can obtain more information here: http://www.microsoft.com/technet/security/...s/mbsahome.mspx


2. Check your Java Runtime version. (Current=1.5.0_07-b03, aka Version 5.0, Update 7)
You can check the current version of the Java Runtime Modules installed by opening the Java Control Panel and selecting 'About' from the 'General' tab.
The current version can be downloaded from Sun here: http://www.java.com/j2se/1.5.0/download.jsp

Note: Be sure to remove all prior versions using Add/Remove Programs before you install the new one. Remember to reboot after removal.

3. Adjust your security settings for ActiveX:
Select Internet Options from the Control Panels, or from Internet Explorer (Tools -> Internet Options)
Press 'default level', then OK
Now press "Custom Level."

In the ActiveX controls and plug-ins section set these options:
'Download signed ActiveX controls' - Prompt
'Download unsigned ActiveX controls' - Disable
'Initialize and script ActiveX controls not marked as safe' - Disable
All other options accept the default

For Windows XP SP2 users, check this link for additional steps you can take to secure Internet Explorer: http://www.microsoft.com/technet/security/...xp/iesecxp.mspx
Also, for XP SP2 and IE users, in IE, Tools -> Manage Add-ons will give you a list of all BHOs, Extensions, and ActiveX modules installed on your computer. You can update, enable or disable them.

4. Download and install the following free programs
a. SpywareBlaster (ActiveX protection): http://www.javacoolsoftware.com/spywareblaster.html
b. IE/Spyad (Malicious Site protection): http://www.spywarewarrior.com/uiuc/resource.htm#IESPYAD
You may want to consider also installing ZonedOut (http://www.funkytoad.com/zonedout.htm) to handle the Restricted Site List.
c. Hoster (HOSTS file manager): http://www.funkytoad.com/hoster.htm

5. Install Spyware Detection and Removal Programs:
You may also want to consider installing one (or more) of the following:
a. Windows Defender: http://www.microsoft.com/athome/security/s...re/default.mspx
NOTE: Windows Defender only runs on Windows 2000, XP, Vista, and 2003.
b. Spybot S&D: http://security.kolla.de/index.php?lang=en&page=download
c. AdAware Personal: http://www.lavasoft.de/

Use these programs to regularly scan your system for and remove many forms of spyware/malware. I recommend a combination of Microsoft Spyware and TeaTimer from Spybot S&D.

If you use, or plan on using, additional spyware/malware detection and/or removal programs, please check Items 8 and 9.

6. Install A Toolbar to Detect Phishes
Phishing is prevalent and on the rise. Make sure the site you go to is real. Your ISP may offer a toolbar to warn you of fake sites, or you can choose one of the following:
a. Spoofstick Toolbar
b. Netcraft Toolbar

7. Reset System Restore
If you are using Windows ME or Windows XP, please reset your System Restore. See Windows help for information.

8. Clean Temporary Files and Folders
Download and install the disk cleanup utility called Cleanup! from here:
http://cleanup.stevengould.org/

Cleanup! will get rid of any malware which may be hiding in your temp folders (a common hiding place). You may also regain a massive amount of disk space.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/forums/tutorial93.html

Run the disk cleanup utility called Cleanup! that you have already downloaded and installed.
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, clean out the prefetch folder and the recycle bin.
Then reboot into normal mode to let it clean out the remaining files.

9. Rogue/Suspect Anti-Spyware
Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link: http://www.spywarewarrior.com/rogue_anti-spyware.htm

10. Anti-Spyware Programs Compared
Want to know just how effective your anti-spyware program is? Wonder how well any of the "rogue" programs listed above work? Check this link for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm

11. Alternate Browser
Consider using an alternate browser as your default. I recommend and use Firefox as my primary browser. It is still necessary to keep Internet Explorer current and protected in order to use Windows Update.


For more information about Spyware, the tools available, and other informative material, including information on how you may have been infected in the first place, please check out this link: http://forum.gladiator-antivirus.com/index...?showtopic=9857

"It is your responsibility to read and adhere to the End User Licensing Agreement (EULA) of all software and services mentioned."

Good luck, and thanks for coming to our forums for help with your security and malware issues.
Mike Black
Thanks again, man!