Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Post by capsdeej » July 31st, 2006, 1:01 pm

Hi Shaba. Following are the latest logs you requested.

As always - thanks for sticking with me and for your patience as I muddle through the process!

-Deej


========WinPFind========
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 10/7/2005 7:30:28 PM 3871694 C:\9x3136.exe
qoologic 7/28/2006 8:18:10 AM 21855 C:\ComboFix.txt
UPX! 10/7/2005 7:28:06 PM 1289538 C:\wdm.exe
qoologic 7/31/2006 10:20:46 AM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/18/2001 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 7/6/2006 8:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 2:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 2:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/18/2001 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 12:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/31/2006 11:37:48 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
6/1/2006 3:28:56 PM S 11043 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB918439.cat
6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
7/31/2006 11:44:04 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
7/31/2006 11:38:30 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
7/31/2006 11:39:02 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
7/31/2006 11:53:16 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
7/31/2006 11:48:16 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
7/12/2006 3:00:54 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
7/12/2006 3:02:50 AM S 558 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\A44F4E7CB3133FF765C39A53AD8FCFDD
7/12/2006 3:02:50 AM S 146 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\A44F4E7CB3133FF765C39A53AD8FCFDD
6/16/2006 2:16:16 PM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\a89084a2-722f-4d4b-9608-09fc87e3b223
6/16/2006 2:16:16 PM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
7/31/2006 11:38:02 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
InstallShield Software Corporation 2/16/2005 5:15:20 PM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 5/3/2006 2:56:54 AM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 2:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 2:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/5/2001 10:23:48 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/5/2001 10:08:08 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI
11/8/2003 11:53:20 AM 1654 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
9/5/2001 10:23:48 AM HS 84 C:\Documents and Settings\Cap'nTripps\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/5/2001 10:08:08 AM HS 62 C:\Documents and Settings\Cap'nTripps\Application Data\DESKTOP.INI

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\a2ContMenu
{AB77609F-2178-4E6F-9C4B-44AC179D937A} = C:\PROGRA~1\A-SQUA~1\A2CONT~1.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido anti-spyware
{8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
SSVHelper Class = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{21569614-B795-46B1-85F4-E737A8DC09AD}
Shell Search Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = &Yahoo! Toolbar :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Microsoft Works Portfolio C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
WorksFUD C:\Program Files\Microsoft Works\Wkfud.exe
DellTouch C:\WINDOWS\DELLMMKB.EXE
PrinTray C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
SandIcon C:\ImageMate CompactFlash USB\SandIcon.Exe
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
FLMOFFICE4DMOUSE C:\Program Files\Browser Mouse\mouse32a.exe
Windows System Tray C:\WINDOWS\system32\fonts\svc\msapp.exe
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
QuickTime Task C:\WINDOWS\System32\qttask.exe
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe

StatusClient C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
TomcatStartup C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
!ewido "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINDOWS\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon
= WgaLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 7/31/2006 11:53:29 AM


========eWido========

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:34:51 AM 7/31/2006

+ Scan result:
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168476.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168473.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168474.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169536.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP846\A0169537.exe -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\eskin -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056018.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065005.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065173.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1066790.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070549.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1078078.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1135616.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\117381.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1240775.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1362980.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383595.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383601.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383623.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386948.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1399873.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400546.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\189032.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\223145.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\224908.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\2451.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\25081.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\387979.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\459429.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\501475.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\511446.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\512217.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\515176.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\516442.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\523819.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\587759.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\625696.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\633592.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\647559.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\665449.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\680698.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\698191.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\709337.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\7269.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\739596.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\794310.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\836340.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\860049.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\878642.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\880604.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\890068.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\898800.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\905181.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\928748.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\929911.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\976123.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\bstat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\3035.dat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles2.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles2_Bubbles2.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles_Bubbles.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\samplegroups2.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchfor.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles2.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles2_Bubbles2.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles_Bubbles.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_weather.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\samplegroups2.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DefaultButton.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DefaultButton.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_premium.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_weather.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\bubbles.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\bubbles2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\bubbles.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\bubbles2.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\bubbles2_Bubbles2.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\bubbles_Bubbles.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\buttondir.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\components.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\default.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\email-t1-bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\icons2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\keywords_idx.idx -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\layout.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\progress.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\samplegroups2.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\t2_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\top7.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kelly Munyan\Application Data\Hotbar\v3.0\Hotbar\static\tsd_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP843\A0167222.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169649.exe -> Adware.IEPlug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169738.exe -> Adware.IEPlug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame.1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CurVer -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame.1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CLSID -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.LeftFrame\CurVer -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser.1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CLSID -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupBrowser\CurVer -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow.1 -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Adware.IEPlugin :
capsdeej
Regular Member
 
Posts: 35
Joined: July 27th, 2006, 1:56 pm

Post by Shaba » July 31st, 2006, 1:30 pm

Hi

I see nothing bad in the WinPFind log.

Ewido found HotBar and some other things. Are you still unable to permanently delete those temporary internet files? If so, we need more research.
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland
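The ewido log above runs to several hundred lines of the form "item -> family : action.", and the reply has to be distilled from it: which families were found, how many hits are live files versus registry ProgIDs versus copies inside System Restore points, and whether anything was not actually cleaned. The script below is an added example (my code, not ewido's or the thread's) that does that distillation. It assumes only the line format visible in the log; the sample lines are constructed to mirror it, with a placeholder user profile and a zeroed restore-point GUID, and the "Ignored." action on the last sample line is hypothetical, included to show how a non-cleaned hit is flagged. The deliberately truncated final sample line stands in for the cut-off line at the end of the pasted log.

```python
import re
from collections import Counter

# Constructed sample input in the same "item -> family : action." shape as the
# ewido log in this thread. Paths are placeholders; "Ignored." is a hypothetical
# action string, and the last line is truncated on purpose.
SAMPLE_LOG = r"""
C:\Documents and Settings\User\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Application Data\Hotbar\v3.0\Hotbar\static\2\ads.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP843\A0167222.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP847\A0169649.exe -> Adware.IEPlug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame -> Adware.IEPlugin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\IMIToolbar.BottomFrame\CLSID -> Adware.IEPlugin : Cleaned with backup (quarantined).
C:\WINDOWS\system32\example.dll -> Adware.Example : Ignored.
HKLM\SOFTWARE\Classes\IMIToolbar.PopupWindow\CLSID -> Adware.IEPlugin :
"""

# One detection per line: <item> -> <family> : <action>[.]
LINE_RE = re.compile(r"^(?P<item>.+?) -> (?P<family>\S+) : (?P<action>.+?)\.?\s*$")
# Restore-point copies live under \System Volume Information\_restore{GUID}\RPnnn\
RESTORE_RE = re.compile(
    r"\\System Volume Information\\_restore\{[^}]*\}\\(RP\d+)\\", re.IGNORECASE
)
REG_PREFIXES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\", "HKEY_")


def classify(item):
    """Return (location, restore_point) for a detected item."""
    if item.upper().startswith(REG_PREFIXES):
        return "registry", None
    m = RESTORE_RE.search(item)
    if m:
        return "restore_point", m.group(1)
    return "file", None


def parse_ewido_log(text):
    """Parse the log into dicts; lines that do not fit the format are kept as 'unparsed'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # A truncated or garbled line must be visible to the reviewer, not dropped.
            entries.append({"line": lineno, "item": line, "family": None,
                            "action": None, "location": "unparsed", "restore_point": None})
            continue
        location, rp = classify(m.group("item"))
        entries.append({"line": lineno, "item": m.group("item"), "family": m.group("family"),
                        "action": m.group("action"), "location": location, "restore_point": rp})
    return entries


def summarize(entries):
    """Counts by family (case-folded, since the log mixes HotBar/Hotbar) and by location."""
    families = Counter(e["family"].lower() for e in entries if e["family"])
    locations = Counter(e["location"] for e in entries)
    restore_points = sorted({e["restore_point"] for e in entries if e["restore_point"]})
    # Anything whose action does not start with "Cleaned" still needs attention.
    not_cleaned = [e["item"] for e in entries
                   if e["action"] is not None and not e["action"].lower().startswith("cleaned")]
    return {"families": families, "locations": locations,
            "restore_points": restore_points, "not_cleaned": not_cleaned}


if __name__ == "__main__":
    report = summarize(parse_ewido_log(SAMPLE_LOG))
    for family, n in report["families"].most_common():
        print(f"{n:4d}  {family}")
    print("locations:", dict(report["locations"]))
    print("restore points touched:", report["restore_points"])
    print("not cleaned:", report["not_cleaned"])
```

The location split is the part worth reading first: hits under System Volume Information are copies inside old restore points, so they come back with a restore and are dealt with by purging old restore points after the live system is clean, while registry-only hits (the IMIToolbar ProgIDs here) are leftovers of an uninstalled toolbar rather than running code. Any entry in the not-cleaned list, and any unparsed line, is what to ask the poster about next.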

Post by capsdeej » July 31st, 2006, 4:16 pm

========
HiJackThis
========

Logfile of HijackThis v1.99.1
Scan saved at 1:38:11 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Netropa\OSD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



========
Kaspersky
========

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 31, 2006 3:12:56 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 211151
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 46765
Number of viruses found: 11
Number of infected objects: 45
Number of suspicious objects: 0
Duration of the scan process: 01:23:31

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Temporary Internet Files\Content.IE5\UP8NQXG9\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Temporary Internet Files\Content.IE5\UP8NQXG9\popup[1].php/packed Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Temporary Internet Files\Content.IE5\UP8NQXG9\popup[1].php GZIP: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168333.exe CAB: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP845\A0168484.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169644.exe Infected: Trojan-Spy.Win32.IamBigBrother.91 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169658.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169659.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169661.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169665.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169665.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169666.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP847\A0169666.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169729.exe Infected: Trojan-Spy.Win32.IamBigBrother.91 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169739.exe/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169739.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169744.exe/data0002 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169744.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169744.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169748.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169748.exe/data0003 Infected: Trojan.Win32.VB.tg skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169748.exe/data0007 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169748.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169752.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169755.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169755.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169756.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP848\A0169756.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP849\A0169818.dll Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP849\A0169819.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP849\A0169820.dll Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP849\A0169821.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\System Volume Information\_restore{8513C62E-889D-4878-A5C3-816F635D0F0E}\RP849\A0169822.dll Infected: not-a-virus:AdWare.Win32.ImiBar.c skipped

Scan process completed.

Unread postby capsdeej » July 31st, 2006, 11:01 pm

Shaba,

Something is definitely still on the computer and causing problems. I think we need more research. I left the computer idle with nothing open and came back several hours later to find cookie prompts (I prompt for cookies on this account).

There is also an installer window that pops up all the time that says it's for Microsoft Word SR-1 and wants me to insert the CD - I didn't attempt to install any updates for Office or Word for a very long time. This just began occurring just prior to when I first contacted this forum and continues today.

Also - while I type posts, the cursor frequently loses focus. As I'm typing, IE becomes inactive - like I clicked on something else when, in fact, I did not.

I just wanted to give you an update and I'm not sure if any of the above are related to what we've been working on - but I thought I'd mention it nonetheless. Maybe it will give you a clue as to what we're looking for.

Thanks again for everything so far. :)

Unread postby Shaba » August 1st, 2006, 3:47 am

Hi

Yes, research continues :D

* Download GMER from here:
http://www.gmer.net/gmer.zip

Unzip it and start GMER.exe
Click the rootkit-tab and click scan.

Once done, click the Copy button.
This will copy the results to clipboard.
Paste the results in your next reply.

Open HijackThis, click open misc tools section.

Checkmark those two small boxes and press "generate startuplist log" and Yes

Send:

- gmer log
- startuplist

Unread postby capsdeej » August 1st, 2006, 9:33 am

==========
STARTUP LIST
==========

StartupList report, 8/1/2006, 8:31:37 AM
StartupList version: 1.52.2
Started from : C:\Program Files\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Cap'nTripps\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
*No files*

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = c:\windows\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Microsoft Works Portfolio = C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
WorksFUD = C:\Program Files\Microsoft Works\Wkfud.exe
DellTouch = C:\WINDOWS\DELLMMKB.EXE
PrinTray = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
SandIcon = C:\ImageMate CompactFlash USB\SandIcon.Exe
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
FLMOFFICE4DMOUSE = C:\Program Files\Browser Mouse\mouse32a.exe
Windows System Tray = C:\WINDOWS\system32\fonts\svc\msapp.exe
ISUSPM Startup = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
QuickTime Task = C:\WINDOWS\System32\qttask.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
vptray = C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
(Default) =
StatusClient = C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
TomcatStartup = C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
!ewido = "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr = "C:\Program Files\MSN Messenger\msnmsgr.exe" /background

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{68D892A2-E70A-11D4-B537-00105AD3B2AE}TBC812] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Files and Settings Transfer Wizard.job
FRU Task #Hewlett-Packard#hp psc 1200 series#1068310400.job
ISP signup reminder 2.job
ISP signup reminder 3.job
Symantec NetDetect.job

--------------------------------------------------

Enumerating Download Program Files:

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Support.com ActionRunner Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlar.dll
CODEBASE = http://support.cox.net/custsup/supporta ... gctlar.cab

[Support.com SmartIssue]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\tgctlsi.dll
CODEBASE = http://support.cox.net/custsup/supporta ... gctlsi.cab

[QuickTime Object]
InProcServer32 = C:\WINDOWS\System32\QTPlugin.ocx
CODEBASE = http://www.apple.com/qtactivex/qtplugin.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky On-line Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky.com/kos/english/ka ... nicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\macromed\Director\SwDir.dll
CODEBASE = http://download.macromedia.com/pub/shoc ... tor/sw.cab

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab

[WUWebControl Class]
InProcServer32 = C:\WINDOWS\System32\wuweb.dll
CODEBASE = http://update.microsoft.com/windowsupda ... 0483416765

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://update.microsoft.com/microsoftup ... 5752504252

[{74C861A1-D548-4916-BC8A-FDE92EDFF62C}]
CODEBASE = http://mediaplayer.walmart.com/installer/install.cab

[{886DDE35-E955-11D0-A707-000000881958}]
CODEBASE = http://69.56.176.75/webplugin.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[BinAg1 Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\BinaryAggregator1.dll
CODEBASE = https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupdate.microsoft.com/C ... 7602893518

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn.com/download/MsnMe ... loader.cab

[Java Plug-in]
InProcServer32 = C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Java Plug-in 1.5.0_07]
InProcServer32 = C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
CODEBASE = http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx
CODEBASE = http://download.macromedia.com/pub/shoc ... wflash.cab

[TikGames Online Control]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\gpcontrol.dll
CODEBASE = http://download.games.yahoo.com/games/w ... tycoon.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Intel(r) 82801 Audio Driver Install Service (WDM): system32\drivers\ac97intc.sys (manual start)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
ADMtek ADM8511/AN986 USB To Fast Ethernet Converter: System32\DRIVERS\ADM8511.SYS (manual start)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ati2mpaa: System32\DRIVERS\ati2mpaa.sys (manual start)
ati2mtaa: System32\DRIVERS\ati2mtaa.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
BCM 802.11b Network Adapter Driver: system32\DRIVERS\bcmwl5.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (autostart)
Symantec Network Proxy: "C:\Program Files\Common Files\Symantec Shared\ccProxy.exe" (autostart)
Symantec Password Validation: "C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (manual start)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (autostart)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: C:\WINDOWS\System32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
.NET Runtime Optimization Service v2.0.50727_X86: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (manual start)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
Symantec AntiVirus Definition Watcher: "C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe" (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
MS Dot4USB Filter Dot4USB Filter: System32\DRIVERS\dot4usb.sys (manual start)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
ewido anti-spyware 4.0 driver: \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys (system)
ewido anti-spyware 4.0 guard: C:\Program Files\ewido anti-spyware 4.0\guard.exe (autostart)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Gmer: System32\DRIVERS\gmer.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
HCF_MSFT: System32\DRIVERS\HCF_MSFT.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
hpt3xx: \SystemRoot\System32\DRIVERS\hpt3xx.sys (disabled)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
IMAPI CD-Burning COM Service: C:\WINDOWS\SYSTEM32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: System32\DRIVERS\intelide.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Lexmark X73 MFP Scanner: System32\Drivers\Lxarscan.sys (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
DellTouch: System32\DRIVERS\msikbd2k.sys (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060724.048\naveng.sys (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20060724.048\navex15.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
nenum13E: \??\C:\DOCUME~1\CAP'NT~1\LOCALS~1\Temp\nenum13E.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Netropa NHK Server: %SystemRoot%\Nhksrv.exe (autostart)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
nv4: System32\DRIVERS\nv4.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: \SystemRoot\System32\DRIVERS\pciide.sys (disabled)
Toshiba PCX1100U USB Cable Modem networking driver: System32\DRIVERS\pcx1nd5.sys (manual start)
Toshiba PCX1100U USB Cable Modem WDM driver: System32\DRIVERS\pcx1unic.sys (manual start)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SAVRoam: "C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe" (manual start)
SAVRT: \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (system)
SAVRTPEL: \??\C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
smwdm: system32\drivers\smwdm.sys (manual start)
Symantec Network Drivers Service: "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{1100B439-9A02-4B70-A4FD-6BB22F174144} (manual start)
Symantec AntiVirus: "C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe" (autostart)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
Symantec SecurePort: "C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe" (autostart)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
SymWMI Service: "C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe" (autostart)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Winachcf: System32\DRIVERS\winachcf.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (manual start)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 40,820 bytes
Report generated in 0.359 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only



==========
GMER Scan
==========

GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-08-01 08:30:21
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.10 ----

SSDT 827E7FC0 ZwConnectPort
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess

---- Devices - GMER 1.0.10 ----

Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE F3176C8A

---- Files - GMER 1.0.10 ----

File C:\2e7a766ef9b95b49b3ac43b01115ce50\download\ic
File C:\2e7a766ef9b95b49b3ac43b01115ce50\download\lang
File C:\2e7a766ef9b95b49b3ac43b01115ce50\download\new
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\acpi.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\au.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\battery.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\bda.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\cdrom.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\cpu.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\disk.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\dpcdll.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\dpup.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\drvindex.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\hiddigi.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\hidserv.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\ie.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\ieaccess.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\iis.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\ims.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\input.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\intl.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\keyboard.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\kscaptur.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\layout.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\miscp.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\mshdc.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\msoe50.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\netip6.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\netoc.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\netrass.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\nt5inf.cat
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\ntprint.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\pchealth.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\pidgen.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\pnpscsi.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\scsi.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\swflash.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\sysoc.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\syssetup.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\tape.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\tsoc.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\usbport.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\ic\whatnewp.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\chajei.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\chtmbx.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\chtskdic.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\chtskf.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\cintime.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\cintlgnt.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\cintsetp.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\cplexe.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\dayi.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imekr61.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imekrcic.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjp81.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjp81k.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpcd.dic
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpcic.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpcus.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpdct.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpdct.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpdsvr.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpinst.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpinst.ini
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjpmig.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjprw.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjputy.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imjputyc.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imlang.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\imscinst.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\miniime.tpl
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\padrs404.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\padrs804.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\phon.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlcsa.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlcsd.dic
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlcsd.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlcsk.dic
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgc.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgd.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgdx.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgi.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgix.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgl.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgne.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgnt.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgnt.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgr.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlgs.imd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pintlphr.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\pmigrate.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\quick.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\romanime.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\tintlgnt.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\tintlphr.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\tintsetp.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\tmigrate.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\unicdime.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\uniime.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\voicepad.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\voicesub.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\winar30.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\lang\winime.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\apph_sp.sdb
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\apps_sp.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati2dvaa.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati2dvag.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati2mtaa.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati2mtag.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati3d1ag.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ati3d2ag.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atiixpaa.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atiixpag.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinbtxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinmdxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinpdxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinraxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinrvxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinsnxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinttxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atintuxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinxbxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atinxsxx.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ativdaxx.ax
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ativmvxx.ax
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\atixpwdm.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\c_28603.nls
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\dsprpres.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\encapi.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\encdec.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\faxpatch.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\hccoin.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\hidir.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\hscupd.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\hscxpsp1.cab
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\logo.gif
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\logowin.gif
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\medctrro.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\msctfime.ime
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\msftedit.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\mssap.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\mutohpen.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\netbeac.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\nettun.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\nv4_disp.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\nvct.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\nvdm.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\nvts.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\oeaccess.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\osloader.ntd
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\ramdisk.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\rtcimsp.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\sbe.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\sbeio.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\smtpsvc.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\snchk.exe
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\sp1.cab
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\spgrmr.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\usbehci.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wacompen.sys
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\winbrand.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\winhttp.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wmaccess.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wmpocm.inf
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wmvcore2.dll
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wuau.adm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\wuauhelp.chm
File C:\2e7a766ef9b95b49b3ac43b01115ce50\new\xpsp1res.dll

---- EOF - GMER 1.0.10 ----

Unread postby Shaba » August 1st, 2006, 9:48 am

Hi

I don't see much bad on those logs.

This directory looks a bit suspicious -> C:\2e7a766ef9b95b49b3ac43b01115ce50

Maybe we'll research that later.

Let's try this:

Boot in safe mode

Empty this directory in safe mode (delete all files inside):

C:\Documents and Settings\Cap'nTripps\Local Settings\Temporary Internet Files\Temporary Internet Files

Reboot and tell me if those files come back.

Unread postby capsdeej » August 1st, 2006, 11:24 am

AARRGGG!!! :shock:

I booted to safe mode and deleted all files from that directory.

I rebooted and logged on only to find:

- web search bar on the desktop (intelligent explorer)
- "Play Poker Online" shortcut on the desktop - targeted to consumeralerts.com
- Intelligent Explorer bar in IE
- multiple 'SurfSideKick' IE windows opened

This type of activity on boot-up hasn't happened for several days - now it's back. I haven't seen surfsidekick since early in this cleaning process. Why is it back? The only thing I've used that PC for is to do the activities that you have recommended. I've kept everyone off of it as I didn't want to hinder the process.

Let me know...our next steps... :?

Unread postby Shaba » August 1st, 2006, 11:27 am

Hi

Please send a fresh HijackThis log and a fresh uninstall list.

Unread postby capsdeej » August 1st, 2006, 11:44 am

Ad-Aware SE Personal
Adobe Acrobat 5.0
allTunes
a-squared Free 1.6.5
ATI Display Driver
Browser Mouse
Command
Conexant HCF V90 56K Data Fax PCI Modem
Dell Picture Studio - Image Expert 2000
Dell Solution Center
DellTouch
ewido anti-spyware 4.0
Forethought
Google Toolbar for Internet Explorer
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB918766)
hp instant support
hp LaserJet 1010 Series
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
ImageMate CompactFlash USB (SDDR-31) Ver. 5.05
Internet Explorer Toolbar - Intelligent Explorer
InterVideo XPack (MP3 Only)
J2SE Runtime Environment 5.0 Update 7
Kaspersky On-line Scanner
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
MGI PhotoSuite 8.1 (Remove Only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Data Access Components KB870669
Microsoft Picture It! Publishing 2001
Microsoft Word 2000 SR-1
Microsoft Works 2001 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
Muiltmedia keyboard utility 1.1
Network Monitor
Norton WMI Update
PhoneTools
PowerDVD
Quicklinks
Quicklinks
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Shockwave
Spybot - Search & Destroy 1.4
Surf SideKick
Symantec Client Security
TargetSaver
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Wal-Mart Music Downloads Store
Web Nexus Network
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Yazzle by OIN



Logfile of HijackThis v1.99.1
Scan saved at 10:42:12 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\DELLMMKB.EXE
C:\ImageMate CompactFlash USB\SandIcon.Exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Browser Mouse\mouse32a.exe
C:\WINDOWS\System32\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\PROGRA~1\COMMON~1\RACLE~1\msiexec.exe
C:\Program Files\Common Files\?icrosoft\s?oolsv.exe
c:\windows\system32\okdsregk.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\system32\zqskw.exe
C:\WINDOWS\wdskctl.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\ghynf.exe
c:\dfndrff_7.exe
c:\kybrdff_7.exe
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\RG9yb3RoeSBNdW55YW4\command.exe
C:\PROGRA~1\COMMON~1\MICROS~1\Msinfo\OFFPROV.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\System Files\System.exe
C:\WINDOWS\system32\redistributor.exe
c:\nwnmff_7.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.ieplugin.com/q.cgi?q=%s
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wmblv.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,ihiphxr.exe
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINDOWS\systb.dll
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [SandIcon] C:\ImageMate CompactFlash USB\SandIcon.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] C:\Program Files\Browser Mouse\mouse32a.exe
O4 - HKLM\..\Run: [Windows System Tray] C:\WINDOWS\system32\fonts\svc\msapp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKLM\..\Run: [{DF-F3-30-01-ZN}] c:\windows\system32\okdsregk.exe GID002
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINDOWS\wdskctl.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_7.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [keyboard] c:\\kybrdff_7.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\nwinlpez.exe GID002
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [newname] c:\\nwnmff_7.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\PROGRA~1\COMMON~1\RACLE~1\msiexec.exe" -vt yazb
O4 - HKCU\..\Run: [Cajxodqf] C:\Program Files\Common Files\?icrosoft\s?oolsv.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - Startup: Zeno.lnk = C:\WINDOWS\SYSTEM32\nwinlpez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\zigi.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINDOWS\systb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://support.cox.net/custsup/supporta ... gctlar.cab
O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} (Support.com SmartIssue) - http://support.cox.net/custsup/supporta ... gctlsi.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.c ... st0401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 0483416765
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5752504252
O16 - DPF: {74C861A1-D548-4916-BC8A-FDE92EDFF62C} - http://mediaplayer.walmart.com/installer/install.cab
O16 - DPF: {886DDE35-E955-11D0-A707-000000881958} - http://69.56.176.75/webplugin.cab
O16 - DPF: {9BFC2253-B9D9-477E-9488-CA450232620D} (BinAg1 Class) - https://fastconnectkitsetup.cox.net/wiz ... ctiveX.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://download.games.yahoo.com/games/w ... tycoon.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: Reinstall - C:\WINDOWS\system32\vqsapi.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RG9yb3RoeSBNdW55YW4\command.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
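The HijackThis log above is what the helper reads to decide whether the machine is clean. As an added example for this thread (not code from the original posts, and not HijackThis's own analysis), here is a small Python script that parses lines in that log format and flags the persistence points a reviewer checks first: system.ini Shell/UserInit additions, Run entries that launch from the drive root or contain a character HijackThis could not display (printed as `?`), a text/html MIME filter, AppInit_DLLs, Winlogon Notify DLLs outside a small allowlist, and services with no publisher. The rules and the `KNOWN_NOTIFY_DLLS` allowlist are this example's own assumptions; the sample lines are copied from the log posted above, with two benign entries kept for contrast.

```python
"""Flag high-value persistence entries in a HijackThis v1.99 log.

Added example for this thread, not HijackThis's own logic. The rules are
one reviewer's heuristics (an assumption of this example): a flagged line
is a prompt to check the file's publisher and hash, not proof of infection.
"""
import re
from typing import List, NamedTuple


class Finding(NamedTuple):
    section: str  # HijackThis section tag, e.g. "O4"
    reason: str   # why the entry was flagged
    line: str     # the original log line


# Constructed allowlist of Winlogon Notify DLLs expected on this kind of
# system (an assumption for the example, not a list HijackThis ships).
KNOWN_NOTIFY_DLLS = {"wgalogon.dll", "navlogon.dll"}

# "O4 - HKLM\..\Run: [name] command"  ->  tag="O4", body=the rest
_ENTRY = re.compile(r"^(?P<tag>[RFO]\d+) - (?P<body>.*)$")

# An executable sitting directly in the drive root, e.g. c:\dfndrff_7.exe
_ROOT_EXE = re.compile(r"^[a-z]:\\+[^\\\s]+\.exe\b", re.IGNORECASE)


def _run_target(body: str) -> str:
    """Return the command part of an O4 Run entry, without surrounding quotes."""
    _, _, rest = body.partition("] ")
    rest = rest.strip()
    if rest.startswith('"'):
        return rest[1:].split('"', 1)[0]
    return rest


def flag_entries(log_text: str) -> List[Finding]:
    """Parse HijackThis lines and return the entries a reviewer should check first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = _ENTRY.match(line)
        if not m:
            continue  # header, process list or blank line
        tag, body = m.group("tag"), m.group("body")
        reason = None
        if tag == "F2" and "Shell=" in body:
            shell = body.split("Shell=", 1)[1].strip()
            if shell.lower() != "explorer.exe":
                reason = "system.ini Shell= starts an extra program besides Explorer.exe"
        elif tag == "F2" and "UserInit=" in body:
            programs = [p for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            if len(programs) > 1:
                reason = "UserInit= launches an additional executable at every logon"
        elif tag == "O4":
            target = _run_target(body)
            if "?" in target:
                reason = "Run entry path contains '?' (a character HijackThis could not display)"
            elif _ROOT_EXE.match(target):
                reason = "Run entry starts an executable from the drive root"
        elif tag == "O18" and body.startswith("Filter: text/html"):
            reason = "a text/html MIME filter can rewrite every page the browser loads"
        elif tag == "O20":
            if body.startswith("AppInit_DLLs:") and body.split(":", 1)[1].strip():
                reason = "AppInit_DLLs loads this DLL into every process that uses user32.dll"
            elif body.startswith("Winlogon Notify:"):
                dll = body.rsplit("\\", 1)[-1].lower()
                if dll not in KNOWN_NOTIFY_DLLS:
                    reason = "Winlogon Notify DLL is not in the allowlist"
        elif tag == "O23" and "- Unknown owner -" in body:
            reason = "service executable has no publisher (Unknown owner)"
        if reason:
            findings.append(Finding(tag, reason, line))
    return findings


# Constructed sample: lines copied from the log posted in the thread, plus
# benign QuickTime, Symantec and WgaLogon entries for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\wmblv.exe
F2 - REG:system.ini: UserInit=c:\windows\system32\userinit.exe,ihiphxr.exe
O4 - HKLM\..\Run: [defender] c:\\dfndrff_7.exe
O4 - HKCU\..\Run: [Cajxodqf] C:\Program Files\Common Files\?icrosoft\s?oolsv.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: logons - C:\WINDOWS\system32\redist.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\RG9yb3RoeSBNdW55YW4\command.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
"""

if __name__ == "__main__":
    for f in flag_entries(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run as a script it prints eight findings from the sample and leaves the QuickTime, Symantec and WgaLogon lines alone. The Shell=, UserInit=, AppInit_DLLs and Winlogon Notify checks matter most because those hooks run before or outside the user's session, which is exactly where a downloader that re-fetches adware after a cleanup would sit.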

Unread postby Shaba » August 1st, 2006, 12:24 pm

Yes, you got re-infected :(

Uninstall via add/remove programs:

Command
Network Monitor
Surf SideKick
Web Nexus Network
Yazzle by OIN

Re-run combofix

Send:

- a fresh HijackThis log
- combofix report
- a fresh uninstall list

Unread postby capsdeej » August 1st, 2006, 12:32 pm

Okay...how does that happen???

I'm working on the uninstalls and the logs...I'm just curious...did I do something to make that happen?

Unread postby Shaba » August 1st, 2006, 12:39 pm

Hi

No, you didn't.

There's something hiding from us which downloaded those things back, I guess.

Unread postby capsdeej » August 1st, 2006, 12:41 pm

Command - when I try to remove it, it opens a web page and wants me to download an uninstall program - I'm hesitant to do that - should I download and run it?

Unread postby Shaba » August 1st, 2006, 1:15 pm

I don't think it's a good idea. Combofix should be able to remove Command Service. If not, there's a specific tool for it.

EDIT: And please also uninstall Forethought and Quicklinks from Add/remove programs.