Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

my browser shuts down and my computer is slow

Post by btaplin » September 20th, 2006, 9:13 pm

Recently, my browser has been shutting down on its own. Sometimes it takes 10 seconds, sometimes 10 minutes. I also find the computer very slow and I am not sure if I have a virus. I am running NIS and Sygate. I also tried to download other anti-virus freeware last night because of my problem. Thanks so much for looking at my problem.

Logfile of HijackThis v1.99.1
Scan saved at 3:47:22 PM, on 9/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\PROGRA~1\Toolbar\TBPSSvc.exe
C:\Program Files\Common Files\WinTools\WToolsS.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\windows\saap.exe
C:\WINDOWS\System32\h9arn5a1.exe
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRA~1\Toolbar\PIB.exe
C:\PROGRA~1\COMMON~1\WinTools\WSup.exe
c:\WINDOWS\TBSSaver.scr
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\bev\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50252
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50252
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50252
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
O2 - BHO: TChkBHO Class - {52310950-7838-472B-8AA4-62C2F737D01F} - C:\WINDOWS\SYSTEM32\fssimtun.dll (file missing)
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [saap] c:\windows\saap.exe
O4 - HKLM\..\Run: [h9arn5a1] C:\WINDOWS\System32\h9arn5a1.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\Run: [WinTools] C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [snuzcrix] C:\WINDOWS\snuzcrix.exe
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/active ... rtutil.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/294dbac2d180176ca2 ... /RdxIE.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8751276787
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/active ... veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... .0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D9D94A-E40E-4146-B7B5-E62B065A976C}: NameServer = 142.161.2.155 142.161.130.155
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WebSeach Toolbar support NT service (TBPSSvc) - WebSearch - C:\PROGRA~1\Toolbar\TBPSSvc.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe
btaplin
Active Member
 
Posts: 5
Joined: September 20th, 2006, 9:05 pm

Post by amateur » September 20th, 2006, 10:00 pm

Hello btaplin. Welcome to MR HijackThis forum.

Download and install Ewido Antimalware 4.0.

  • Open Ewido AntiMalware
  • Go to Status menu
  • Under "Your computer's security", click "Change status" on Resident shield to set it to inactive
Update it, but do not scan with it yet.

=========================================

Please download Ccleaner and save it to your desktop.
Tutorial for CCleaner
During the installation, be sure to uncheck the box for "CCleaner Yahoo Toolbar" unless you want it.

=========================================

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

=========================================

From Safe Mode run Ccleaner
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run CCleaner for every user.

===========================================

From Safe Mode Run Ewido AntiMalware
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop

NOTE: Ewido scan may need an hour.

Warning: While the scan is in progress, DO NOT open any folders or the Windows Control Panel

===========================================

Reboot and post a fresh HijackThis log along with the Ewido log, please.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

HijackThis and ewido logs

Post by btaplin » September 21st, 2006, 11:38 pm

Thanks so much for helping me. Sorry I didn't complete the log and reply yesterday. I hope I did everything right. Sometimes I get many interruptions and may miss a step. :)

Logfile of HijackThis v1.99.1
Scan saved at 6:08:07 PM, on 9/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\bev\Desktop\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50252
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50252
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://lookfor.cc/sp.php?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://lookfor.cc?pin=28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50252
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
O2 - BHO: TChkBHO Class - {52310950-7838-472B-8AA4-62C2F737D01F} - C:\WINDOWS\SYSTEM32\fssimtun.dll (file missing)
O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/active ... rtutil.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/294dbac2d180176ca2 ... /RdxIE.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8751276787
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/active ... veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... .0.0.9.cab?
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


This is the ewido log
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:31:44 PM 9/21/2006

+ Scan result:



C:\WINDOWS\saap.exe -> Adware.180Solutions : No action taken.
C:\WINDOWS\saaphook.dll -> Adware.180Solutions : No action taken.
C:\WINDOWS\snuzcrix.exe -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\saap -> Adware.180Solutions : No action taken.
HKLM\SOFTWARE\saap -> Adware.180Solutions : No action taken.
C:\Program Files\INSTAFINK -> Adware.404Search : No action taken.
C:\Documents and Settings\bev\Local Settings\Temp\__unin__.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\bev\Local Settings\Temp\asmfiles.cab/asm.exe -> Adware.Altnet : No action taken.
C:\Documents and Settings\bev\Local Settings\Temp\asmfiles.cab/asmps.dll -> Adware.Altnet : No action taken.
C:\Program Files\Altnet -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.ivd.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cevakrnl.rvd.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab (incomplete) -> Adware.Altnet : No action taken.
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab (incomplete-1) -> Adware.Altnet : No action taken.
C:\WINDOWS\Temp\Altnet -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Setup -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\Dashboard\Temp Internet Shares -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\LocalFiles -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Altnet\TopSearch -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : No action taken.
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : No action taken.
C:\FTW\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE -> Adware.Background : No action taken.
C:\Documents and Settings\bev\Local Settings\Temp\THI7B8D.tmp\mxTarget.cab/mxTarget.dll -> Adware.BiSpy : No action taken.
C:\Documents and Settings\bev\Local Settings\Temp\THI7B8D.tmp\mxTarget.cab/preInsMt.exe -> Adware.BiSpy : No action taken.
HKLM\SOFTWARE\Effective-i -> Adware.EffectiveBrandToolbar : No action taken.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator -> Adware.EffectiveBrandToolbar : No action taken.
HKLM\SOFTWARE\Effective-i\TheSearchAccelerator\IE5 -> Adware.EffectiveBrandToolbar : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/GAppMgr.dll -> Adware.Gator : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/GController.dll -> Adware.Gator : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/GDwldEng.dll -> Adware.Gator : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/gappmgr.dll -> Adware.Gator : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/gcontroller.dll -> Adware.Gator : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/gdwldeng.dll -> Adware.Gator : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\History -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : No action taken.
HKU\S-1-5-21-126639907-2589800181-2619313026-500\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : No action taken.
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\tpro -> Adware.IBIS : No action taken.
C:\Documents and Settings\murray\Local Settings\Temp\IPINSIGT.cab/ipinsigt.dll -> Adware.IPInsight : No action taken.
HKLM\SOFTWARE\Classes\ISTx.Installer -> Adware.ISTBar : No action taken.
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Adware.ISTBar : No action taken.
HKLM\SOFTWARE\Classes\CLSID\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59879FA4-4790-461c-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP666\A0062664.exe -> Adware.Sahat : No action taken.
C:\WINDOWS\7u27m17i.exe -> Adware.Sahat : No action taken.
C:\WINDOWS\SYSTEM32\ehiu0nbn.exe -> Adware.Sahat : No action taken.
HKLM\SOFTWARE\Classes\LOADER2.Loader2Ctrl.1 -> Adware.TopConverting : No action taken.
C:\Documents and Settings\bev\Start Menu\Programs\UCmore - The Search Accelerator -> Adware.Ucmore : No action taken.
C:\Documents and Settings\bev\Start Menu\Programs\UCmore - The Search Accelerator\How To Uninstall.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\bev\Start Menu\Programs\UCmore - The Search Accelerator\UCmore - The Search Accelerator.lnk -> Adware.Ucmore : No action taken.
C:\Documents and Settings\bev\Start Menu\Programs\UCmore - The Search Accelerator\UCmore Tour.lnk -> Adware.Ucmore : No action taken.
C:\Program Files\TheSearchAccelerator -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\INSTALL.LOG -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\TBlogin.users.ucmore.com.4.5.32.0 -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\UNWISE.EXE -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\logo.ico -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\rss_html_template.html -> Adware.UCmore : No action taken.
C:\Program Files\TheSearchAccelerator\toolbar.cfg -> Adware.UCmore : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UCmore - The Search Accelerator -> Adware.UCmore : No action taken.
C:\Documents and Settings\bev\Local Settings\Temporary Internet Files\Content.IE5\XSD2ZOO3\Legacy[1].cab/Legacy.exe -> Adware.WebSearch : No action taken.
C:\Program Files\Toolbar\PIB.exe -> Adware.WebSearch : No action taken.
C:\Program Files\Toolbar\TBPS.exe -> Adware.WebSearch : No action taken.
C:\Program Files\Toolbar\TBPSSvc.exe -> Adware.WebSearch : No action taken.
C:\Program Files\Toolbar\toolbar.dll -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP623\A0058246.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP624\A0058265.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP624\A0058274.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP626\A0058384.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP629\A0058460.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP632\A0059458.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP633\A0059477.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP633\A0059490.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059517.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059533.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059555.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP635\A0059573.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP637\A0059601.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP639\A0059635.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP639\A0059645.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP641\A0059666.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP641\A0059675.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059689.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059700.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059718.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059726.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059739.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP643\A0059765.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP645\A0059795.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP646\A0059819.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059835.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059850.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059862.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059873.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP648\A0059895.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP649\A0059913.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP650\A0059933.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059944.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059954.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059966.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP652\A0059979.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP652\A0059992.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP653\A0060007.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060028.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060048.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060055.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060072.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060093.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060113.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060133.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060149.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP656\A0060173.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060194.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060207.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060224.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060234.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060247.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060274.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP659\A0060308.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP661\A0060361.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP661\A0060384.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP664\A0062568.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP664\A0062607.exe -> Adware.WebSearch : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP666\A0062652.exe -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\Common.Buttons -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\Common.Buttons\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\WToolsB.ResProtocol -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res\toolbar.ResProtocol -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\SSaver.SaverObj -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\SSaver.SaverObj\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginConfig -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginConfig\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginDown -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginDownAdd\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginDown\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginEvents -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginEvents\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginInst -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginInst\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginServer -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.PluginServer\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\TBPS.ToolbarScript\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\WToolsB.ResProtocol\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\toolbar.ResProtocol -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Classes\toolbar.ResProtocol\Clsid -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinTools -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Downloads -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\2DSAVER -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\APP -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\COMMON -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\MAJORSE -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\SSAVER -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\SVC -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\TBR -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Files\ssmodules -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Install -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\PlugIns -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\PlugIns\COMMON -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\PlugIns\SSAVER -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\PlugIns\SSAVER\DOWNLOAD -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\Toolbar\Server -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\WinTools -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\WinTools\kydmzylki -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\WinTools\nlibjhin -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\WinTools\nlibx4m -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\btlink -> Adware.WebSearch : No action taken.
HKLM\SOFTWARE\btlink\btlink -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Enum -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\TBPSSvc\Security -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Enum -> Adware.WebSearch : No action taken.
HKLM\SYSTEM\CurrentControlSet\Services\WinToolsSvc\Security -> Adware.WebSearch : No action taken.
HKU\.DEFAULT\Software\toolbar -> Adware.WebSearch : No action taken.
HKU\S-1-5-18\Software\toolbar -> Adware.WebSearch : No action taken.
C:\Documents and Settings\bev\Local Settings\Temporary Internet Files\Content.IE5\1NZ3TLWE\WinTB[1].cab/WToolsB.dll -> Adware.Wintol : No action taken.
C:\Program Files\Common Files\WinTools\WSup.exe -> Adware.Wintol : No action taken.
C:\Program Files\Common Files\WinTools\WToolsA.exe -> Adware.Wintol : No action taken.
C:\Program Files\Common Files\WinTools\WToolsB.dll -> Adware.Wintol : No action taken.
C:\Program Files\Common Files\WinTools\WToolsS.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP623\A0058248.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP624\A0058267.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP624\A0058278.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP626\A0058388.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP629\A0058461.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP632\A0059459.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP633\A0059479.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP633\A0059492.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059519.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059535.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP634\A0059558.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP635\A0059575.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP637\A0059602.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP639\A0059634.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP639\A0059648.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP641\A0059665.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP641\A0059678.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059691.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059703.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059719.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059729.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP642\A0059741.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP643\A0059767.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP645\A0059794.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP645\A0059805.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP646\A0059822.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059839.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059853.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059865.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP647\A0059877.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP648\A0059897.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP649\A0059916.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP650\A0059935.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059946.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059958.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP651\A0059970.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP652\A0059983.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP652\A0059994.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP653\A0060010.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060029.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060047.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP654\A0060057.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060074.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060096.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060115.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060137.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP655\A0060151.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP656\A0060174.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060196.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060210.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060225.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060236.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060249.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP658\A0060277.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP659\A0060307.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP661\A0060364.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP661\A0060386.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP664\A0062569.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP664\A0062608.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP666\A0062653.exe -> Adware.Wintol : No action taken.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP666\A0062665.dll -> Adware.Wintol : No action taken.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl.1 -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CLSID -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CurVer -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Community -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\FENX -> Dialer.Generic : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/Sentry.exe -> Downloader.Stubby.b : No action taken.
C:\Documents and Settings\alex\Cookies\alex@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\murray\Cookies\murray@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\Documents and Settings\alex\Cookies\alex@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\alex\Cookies\alex@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\murray\Cookies\murray@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\murray\Cookies\murray@homedepotca.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\murray\Cookies\murray@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\6,20,2005_21,6,24.zip/bev@2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc158.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc387.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc618.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc846.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\murray\Cookies\murray@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\6,20,2005_21,6,24.zip/bev@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc856.txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\alex\Cookies\alex@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\murray\Cookies\murray@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@z1.adserver[2].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,3,2004_19,49,11.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\5,8,2005_0,42,0.zip/bev@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc573.txt -> TrackingCookie.Adserver : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc616.txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\alex\Cookies\alex@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\alex\Cookies\alex@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\murray\Cookies\murray@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@servedby.advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\6,20,2005_21,6,24.zip/bev@advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\6,20,2005_21,6,24.zip/bev@servedby.advertising[1].txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc164.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc276.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc398.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc502.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc604.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc621.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc76.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc854.txt -> TrackingCookie.Advertising : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc855.txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\alex\Cookies\alex@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\bev\Cookies\bev@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\murray\Cookies\murray@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,37,19.zip/bev@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@atdmt[1].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,3,2004_19,49,11.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,5,2004_22,10,47.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,26,2005_18,24,33.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,12,2005_21,43,37.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\5,8,2005_0,42,0.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\6,20,2005_21,6,24.zip/bev@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc173.txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc406.txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc576.txt -> TrackingCookie.Atdmt : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc897.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\alex\Cookies\alex@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,3,2004_19,49,11.zip/bev@bfast[2].txt -> TrackingCookie.Bfast : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,5,2004_22,10,47.zip/bev@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc175.txt -> TrackingCookie.Bfast : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc411.txt -> TrackingCookie.Bfast : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc577.txt -> TrackingCookie.Bfast : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc83.txt -> TrackingCookie.Bfast : No action taken.
C:\Documents and Settings\murray\Cookies\murray@bluestreak[2].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,3,2004_19,49,11.zip/bev@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc178.txt -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc414.txt -> TrackingCookie.Bluestreak : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc578.txt -> TrackingCookie.Bluestreak : No action taken.
C:\Documents and Settings\murray\Cookies\murray@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\alex\Cookies\alex@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc826.txt -> TrackingCookie.Burstbeacon : No action taken.
C:\Documents and Settings\alex\Cookies\alex@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\bev\Cookies\bev@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\murray\Cookies\murray@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc824.txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\alex\Cookies\alex@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@casalemedia[1].txt -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc847.txt -> TrackingCookie.Casalemedia : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc183.txt -> TrackingCookie.Centrport : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc417.txt -> TrackingCookie.Centrport : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc843.txt -> TrackingCookie.Centrport : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc91.txt -> TrackingCookie.Clickbank : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc865.txt -> TrackingCookie.Clickhype : No action taken.
C:\Documents and Settings\murray\Cookies\murray@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\alex\Cookies\alex@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\murray\Cookies\murray@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\murray\Cookies\murray@news.com[1].txt -> TrackingCookie.Com : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,26,2005_18,24,33.zip/bev@com[2].txt -> TrackingCookie.Com : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@com[2].txt -> TrackingCookie.Com : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc193.txt -> TrackingCookie.Com : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc125.txt -> TrackingCookie.Commission-junction : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc315.txt -> TrackingCookie.Commission-junction : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc421.txt -> TrackingCookie.Commission-junction : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc584.txt -> TrackingCookie.Commission-junction : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc900.txt -> TrackingCookie.Commission-junction : No action taken.
C:\Documents and Settings\alex\Cookies\alex@data.coremetrics[2].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Documents and Settings\murray\Cookies\murray@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,19,2005_19,51,38.zip/bev@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc197.txt -> TrackingCookie.Coremetrics : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc742.txt -> TrackingCookie.Coremetrics : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc892.txt -> TrackingCookie.Coremetrics : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc177.txt -> TrackingCookie.Counted : No action taken.
C:\Documents and Settings\alex\Cookies\alex@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\murray\Cookies\murray@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/bev@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,22,2004_21,55,25.zip/bev@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,3,2004_19,49,11.zip/bev@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\11,5,2004_22,10,47.zip/bev@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\2,7,2005_19,45,0.zip/bev@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\4,7,2005_19,17,54.zip/bev@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\5,8,2005_0,42,0.zip/bev@doubleclick[2].txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc202.txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc428.txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc585.txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc896.txt -> TrackingCookie.Doubleclick : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc94.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\murray\Cookies\murray@e-2dj6wfkoqgajafo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\murray\Cookies\murray@e-2dj6wfligoczwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : No action taken.
C:\Documents and Settings\murray\Cookies\murray@e-2dj6wjkyemcpgaq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc667.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc668.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc681.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc685.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc686.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc687.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc688.txt -> TrackingCookie.Esomniture : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc692.txt -> Trac
btaplin
Active Member
 
Posts: 5
Joined: September 20th, 2006, 9:05 pm

by amateur » September 22nd, 2006, 8:40 am

Hi,

Thanks for the logs.

Sometimes I get many interruptions and may miss a step.

I am afraid you did miss a couple of steps. Please try not to miss any this time. You might like to spare some quiet time for a couple of hours.

It would be a good idea to print these instructions so that you can have access to them at all times, and especially when you're in Safe Mode, since most of the fixes will be carried out in Safe Mode. Please follow them carefully without missing any of the steps, and in the order they are presented.

Step 1

You'll need to disable Ewido guard and Norton Script blocking so that they will not interfere with the fixes:

Disabling Ewido guard

  • Open Ewido AntiMalware
  • Go to Status menu
  • Click change status on Resident shield to inactive under "Your computers Security"

Right click on Ewido in the system tray and uncheck "Start with Windows".

  • Go to Start > Run and type: services.msc
  • Press "OK".
  • In Services, click the "Extended" tab and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.

Disable Script Blocking Service:

  • To open Services, go to Start > Control Panel > Administrative Tools > Services.
  • Find ScriptBlocking service, right-click the service, and then click Properties. On the General tab, under Startup, click Disabled.
  • Under Service Status, click Stop button. Click Apply button.

Disable the Script Blocking in Norton Settings:

  • Start Norton Antivirus.
  • Click Options. If a menu appears when you click Options, then click Norton Antivirus. The Norton Antivirus Options dialog box appears.
  • Click Script Blocking.
  • Uncheck Enable Script Blocking (recommended).
  • Click OK

=======================================

Step 2

Please go to Start>Control Panel>Add/Remove Programs and remove the following programs, if found:

RX Tool Bar
Date Manager
INSTAFINK
Altnet
NoAdware
TheSearchAccelerator
Toolbar


=======================================

Step 3

Download CWShredder to its own folder from here.

Update CWShredder

  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder. Do not scan yet.

=========================================

Step 4

Open Ewido. Update it, but do not run it yet.

=========================================

Step 5

Safe Mode (without networking)

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode (without networking) by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Look in here for more information.

==========================================

Step 6

Scan with HijackThis and put a checkmark against the following entries:

O2 - BHO: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - C:\PROGRA~1\COMMON~1\WinTools\WToolsB.dll (file missing)
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll (file missing)
O3 - Toolbar: &WebSearch Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll (file missing)
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O16 - DPF: {34805D32-AD89-469E-8503-A5666AEE4333} - http://207.188.7.150/294dbac2d180176ca2 ... /RdxIE.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolbar.com/ist/softwares ... egular.cab
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll

Make sure that all browsers/windows/applications are closed and click on fix checked. Exit HijackThis but stay in Safe Mode.

===========================================

Step 7

You may need to unhide files before you proceed.

Go to My Computer> Tools> Folder Options> View>"Uncheck" Hide protected operating system files. Click Apply>OK.

Using Windows Explorer (right click on Start, click on explore), navigate to the following files and folders, and delete them if found.

C:\WINDOWS\saap.exe
C:\WINDOWS\saaphook.dll
C:\WINDOWS\snuzcrix.exe

C:\Program Files\RXToolBar
C:\Program Files\Date Manager
C:\Program Files\INSTAFINK
C:\Program Files\Altnet
C:\Program Files\NoAdware
C:\Program Files\TheSearchAccelerator
C:\Program Files\Toolbar
C:\Program Files\Common Files\WinTools

===================================

Step 8

From Safe Mode, run Ewido AntiMalware. Make sure that you quarantine the items found by Ewido. No action was taken the last time you scanned.
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop

===================================

Step 9

Still from Safe Mode, now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

===================================
Step 10

Reboot your computer into normal windows and carry on with the rest of the instructions in Normal Mode.

===================================
Step 11

Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot, then run Ad-aware. Both programs back up what they remove, so delete anything the programs say should be removed.

===================================

Step 12

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report and save it to your desktop.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry.

===================================

Step 13

Click Start>Run, type in appwiz.cpl and hit Enter. From the list
  • Remove all entries J2SE or J2SE Runtime Environment that are listed.

Now reboot your computer.
Download the latest version of Java Runtime Environment (JRE) 5.0 Update 8.

======================================
Restart your computer one more time. Scan with HijackThis and please post back:

1. the fresh HijackThis log
2. Ewido log
3. Panda log
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
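
The reason Step 8 insists on quarantining is that every entry in the earlier Ewido report ended in "No action taken". As an added example that is not part of the original posts, the Python sketch below parses the report's `target -> detection : action` lines, counts detections by family, lists what is still unresolved, and reports truncated lines instead of silently dropping them. The `LOW_PRIORITY_FAMILIES` set and the location labels are assumptions of this example.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Lines copied from the Ewido report quoted earlier in this thread,
# including its final line, which the forum cut off mid-entry.
SAMPLE_REPORT = r"""
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP666\A0062665.dll -> Adware.Wintol : No action taken.
HKLM\SOFTWARE\Classes\Sostatatl.StatHTMLCtrl -> Adware.WurldMedia : No action taken.
HKLM\SOFTWARE\FENX -> Dialer.Generic : No action taken.
C:\Program Files\NoAdware\NoAdwareBackup\10,12,2004_19,31,18.zip/Sentry.exe -> Downloader.Stubby.b : No action taken.
C:\Documents and Settings\alex\Cookies\alex@247realmedia[1].txt -> TrackingCookie.247realmedia : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc158.txt -> TrackingCookie.2o7 : No action taken.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-1006\Dc692.txt -> Trac
"""

# Assumption of this example: cookies are reviewed after executables,
# DLLs and registry entries.
LOW_PRIORITY_FAMILIES = {"TrackingCookie"}


@dataclass(frozen=True)
class Finding:
    target: str     # file path, archive member or registry key
    detection: str  # e.g. "Adware.Wintol"
    action: str     # e.g. "No action taken"

    @property
    def family(self) -> str:
        """Detection name up to the first dot, e.g. 'Adware'."""
        return self.detection.split(".", 1)[0]

    @property
    def location(self) -> str:
        """Coarse label for where the object lives (labels are this example's own)."""
        t = self.target.upper()
        if re.match(r"HK(LM|CU|CR|U)\\", t):
            return "registry"
        if r"\SYSTEM VOLUME INFORMATION\_RESTORE" in t:
            return "system-restore"
        if "\\RECYCLER\\" in t:
            return "recycle-bin"
        if ".ZIP/" in t:
            return "archive-member"
        return "file"


def parse_report(text):
    """Return (findings, malformed_lines) for an Ewido-style report body."""
    findings, malformed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Split from the right on the arrow, then on " : " with spaces, so the
        # colon in "C:\" is never mistaken for the action separator.
        target, arrow, rest = line.rpartition(" -> ")
        detection, colon, action = rest.partition(" : ")
        if not arrow or not colon:
            malformed.append(line)  # truncated or foreign line: keep it visible
            continue
        findings.append(
            Finding(target, detection.strip(), action.strip().rstrip("."))
        )
    return findings, malformed


def triage(findings):
    """Summarise a parsed report: what was found and what is still unresolved."""
    unresolved = [f for f in findings if f.action.lower() == "no action taken"]
    return {
        "by_family": Counter(f.family for f in findings),
        "unresolved": unresolved,
        "priority": [f for f in unresolved if f.family not in LOW_PRIORITY_FAMILIES],
        "by_location": Counter(f.location for f in unresolved),
    }


if __name__ == "__main__":
    found, bad = parse_report(SAMPLE_REPORT)
    summary = triage(found)
    print("Detections by family:", dict(summary["by_family"]))
    print("Unresolved by location:", dict(summary["by_location"]))
    print("Review first:")
    for f in summary["priority"]:
        print(f"  [{f.location}] {f.detection}: {f.target}")
    print(f"Malformed or truncated lines: {len(bad)}")
```

Entries labelled system-restore, recycle-bin or archive-member are stored copies rather than active files, which is why they keep reappearing in reports until they are quarantined or the containing store is emptied.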

thanks for helping!

by btaplin » September 24th, 2006, 10:19 pm

Here are all logs requested. I was careful to follow your instructions. I noticed that the Panda Scan was only to find, not to remove. Hope this was correct. Sorry for not getting it right the first time. Thanks for your patience.

Hijack this from today:
Logfile of HijackThis v1.99.1
Scan saved at 4:25:03 PM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\Documents and Settings\bev\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
O2 - BHO: TChkBHO Class - {52310950-7838-472B-8AA4-62C2F737D01F} - C:\WINDOWS\SYSTEM32\fssimtun.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/active ... rtutil.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8751276787
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/active ... veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... .0.0.9.cab?
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Ewido log from Friday:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 9:32:56 AM 9/22/2006

+ Scan result:



C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062687.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062688.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062689.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Settings -> Adware.Altnet : Error during cleaning.
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062700.EXE -> Adware.Background : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062701.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062702.exe -> Adware.Sahat : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062683.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062684.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062685.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062686.dll -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062696.exe -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062697.exe -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062698.dll -> Adware.Wintol : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP667\A0062699.exe -> Adware.Wintol : Cleaned with backup (quarantined).
C:\Documents and Settings\bev\Cookies\bev@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\bev\Cookies\bev@ehg-ubisoft.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\bev\Cookies\bev@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\bev\Cookies\bev@need2find[1].txt -> TrackingCookie.Need2find : Cleaned with backup (quarantined).


::Report end

Panda log from Friday:


Incident Status Location

Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
Adware:adware/clickalchemy Not disinfected c:\windows\inf\alchem.inf
Adware:adware/ipinsight Not disinfected c:\windows\inf\IPINSIGT.inf
Adware:adware/msview Not disinfected c:\windows\inf\MSView.inf
Adware:adware/gator Not disinfected c:\GatorPatch.log
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Adware:adware/sahagent Not disinfected c:\windows\system32\SahImages
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Potentially unwanted tool:application/regclean32 Not disinfected c:\program files\Registry Cleaner Trial
Adware:adware/ncase Not disinfected c:\windows\FLEOK
Potentially unwanted tool:application/altnet Not disinfected hkey_local_machine\software\Altnet
Adware:adware/wintools Not disinfected Windows Registry
Adware:adware/shoppingcommunity Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/topconvert Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/savenow Not disinfected Windows Registry
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\alex\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\bev\Cookies\bev@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\bev\Cookies\bev@doubleclick[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\murray\Cookies\murray@adultfriendfinder[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\murray\Cookies\murray@atwola[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\murray\Cookies\murray@belnk[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\murray\Cookies\murray@c.fsx[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\murray\Cookies\murray@c3.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\murray\Cookies\murray@ccbill[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\murray\Cookies\murray@ct.360i[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\murray\Cookies\murray@dist.belnk[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\murray\Cookies\murray@gammae[2].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\murray\Cookies\murray@gangbangsquad[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\murray\Cookies\murray@go[1].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\murray\Cookies\murray@offeroptimizer[1].txt
Spyware:Cookie/TeensForCash Not disinfected C:\Documents and Settings\murray\Cookies\murray@teensforcash[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\murray\Cookies\murray@toplist[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\murray\Cookies\murray@xiti[1].txt
Adware:Adware/MSView Not disinfected C:\Documents and Settings\murray\Local Settings\Temp\MSView.inf
Adware:Adware/Twain-Tech Not disinfected C:\Documents and Settings\murray\Local Settings\Temp\twaintec.inf
Potentially unwanted tool:Application/PRScheduler Not disinfected C:\Documents and Settings\murray\Start Menu\Programs\Startup\PowerReg Scheduler.exe
Adware:Adware/Comet Not disinfected C:\Program Files\Acoustica CD Label Maker\fileutil.dll
Adware:Adware/WinTools Not disinfected C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc3\common.dll
Possible Virus. Not disinfected C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc3\hotfixEx.exe
Adware:Adware/WurldMedia Not disinfected C:\WINDOWS\SYSTEM32\winbpupd.exe
Virus:Trj/Mitglieder.BO Not disinfected Local Folders\Inbox arch 2002-2005\977888.rar[dddd.exe]
btaplin
Active Member
 
Posts: 5
Joined: September 20th, 2006, 9:05 pm

Post by amateur » September 25th, 2006, 6:52 pm

Hi btaplin

Yes, I know Panda doesn't remove adware/spyware items found (which are usually minor traces), but the important thing about the Panda scan is to make sure any trojans or viruses (or infected system files) can be cured and those it WILL fix.

I see you are using a program called Registry Cleaner Trial. I am not familiar with the program but Panda has flagged it as a dangerous tool. Registry tools should always be used with extreme caution, if not used at all unless absolutely necessary. I would recommend that you remove it from Add/Remove programs at the Control Panel.

===================================

Please update Ewido first to make it ready for later use.

===================================

Make sure no files will be hidden. To do this:

1. Click Start.
2. Open My Computer.
3. Select the Tools menu and click Folder Options.
4. Select the View Tab.
5. Under the Hidden files and folders heading select Show hidden files and folders.
6. Uncheck the Hide protected operating system files (recommended) option.
7. Click Yes to confirm.
8. Click OK.

================================

Copy/paste the following text inside the quote box into a new notepad (must be notepad, not wordpad) document:

Code:
REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Altnet]



Make sure there are NO blank lines before REGEDIT4
Make sure there IS one blank line at the end of the file.

Save it as File Type All Files (not as a Text document, or it won't work).
Save it to your desktop as fixme.reg

==============================================

Scan with HijackThis and put a checkmark against the following entries:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
O2 - BHO: TChkBHO Class - {52310950-7838-472B-8AA4-62C2F737D01F} - C:\WINDOWS\SYSTEM32\fssimtun.dll (file missing)
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)


Make sure that all browsers/email/windows, etc. are closed other than HijackThis and click on Fix checked. Exit HijackThis.

==============================================

Boot into Safe Mode and delete the following files and folders using Windows Explorer (Windows key + E):

c:\windows\inf\alchem.inf
c:\windows\inf\IPINSIGT.inf
c:\windows\inf\MSView.inf
c:\GatorPatch.log
c:\windows\smdat32a.sys
C:\Documents and Settings\alex\Start Menu\Programs\Startup\PowerReg Scheduler.exe
C:\WINDOWS\SYSTEM32\winbpupd.exe

The following seems to be in your Inbox. The path is not clear, but usually in Thunderbird and the Mozilla Suite, "Local Folders" is the name given to the set of mail folders at the bottom of the folders pane.
Virus:Trj/Mitglieder.BO Not disinfected Local Folders\Inbox arch 2002-2005\977888.rar[dddd.exe]

Here and here you can read and get more information about it.

I don't know whether it was ever activated or not, but please delete it now.

c:\windows\system32\SahImages
c:\program files\MyWay
c:\program files\Need2Find
C:\program files\Registry Cleaner Trial
c:\windows\FLEOK
C:\Program Files\Acoustica CD Label Maker

Delete the contents of the following folder but not the folder itself:

C:\Documents and Settings\murray\Local Settings\Temp\

=====================================================

While still in Safe Mode, double click fixme.reg and answer yes when asked to merge it into the registry.

=================================================

Still in Safe Mode, scan with Ewido again and save the log.

=====================================================

Restart your computer in Normal Mode now.

=====================================================

Please download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, update and configure them as in the link. Run Spybot first, reboot then run Ad-aware. Both programs back up what they remove so delete anything the programs say should be removed.

======================================================

Run Ccleaner following the earlier instructions.

======================================================

Let's run another good online scanner.

Kaspersky Online Scanner from http://www.kaspersky.com/virusscanner

Next Click on Launch Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Standard
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.

Copy and paste that information from Kaspersky in your next post along with the Ewido log and a fresh HijackThis log please.
Last edited by amateur on September 28th, 2006, 6:56 am, edited 2 times in total.
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
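
Two of the reasons behind the HijackThis selection in the post above can be checked mechanically: entries whose target file no longer exists, and entries that load from a directory another scanner flagged. The following Python script is an added example, not part of the original thread or of HijackThis; the names `triage`, `Finding` and the reason labels are assumptions made for the example, and the sample lines and flagged directories are copied from the logs posted in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Markers HijackThis appends when the file an entry points to is absent.
ORPHAN_MARKERS = ("(no file)", "(file missing)")

# Every log entry starts with a section code: "O2 - ...", "R3 - ...", "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(
    r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
)


class Finding(NamedTuple):
    code: str             # HijackThis section code, e.g. "O2"
    clsid: Optional[str]  # COM class id, if the entry carries one
    reason: str           # "orphaned" or "flagged-dir"
    line: str             # the original log line, for the human reviewer


def triage(log_lines: List[str], flagged_dirs: List[str]) -> List[Finding]:
    """Return entries that are orphaned or load from a flagged directory.

    Limits: a long-name prefix does not match an 8.3 short path such as
    C:\\PROGRA~1\\..., and URL-only entries (the O8 item in this thread)
    are not judged at all. Both still need a person to review them.
    """
    prefixes = [d.rstrip("\\").lower() + "\\" for d in flagged_dirs]
    findings = []
    for raw in log_lines:
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header, running-process list, blank line
        body = match.group("body")
        lowered = body.lower()
        if lowered.endswith(ORPHAN_MARKERS):
            reason = "orphaned"
        elif any(prefix in lowered for prefix in prefixes):
            reason = "flagged-dir"
        else:
            continue
        clsid = CLSID_RE.search(body)
        findings.append(
            Finding(match.group("code"), clsid.group(0) if clsid else None,
                    reason, line)
        )
    return findings


# Sample input: lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
R3 - URLSearchHook: (no name) - {87766247-311C-43B4-8499-3D5FEC94A183} - (no file)
O2 - BHO: Need2Find Bar BHO - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - C:\Program Files\Need2Find\bar\3.bin\ND2FNBAR.DLL
O2 - BHO: TChkBHO Class - {52310950-7838-472B-8AA4-62C2F737D01F} - C:\WINDOWS\SYSTEM32\fssimtun.dll (file missing)
O4 - HKCU\..\Run: [Registry Cleaner] "C:\Program Files\Registry Cleaner Trial\Regclean.exe" -startminimize
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
"""

# Directories taken from the "Not disinfected" lines of the Panda log above.
FLAGGED_DIRS = [
    r"C:\Program Files\Need2Find",
    r"c:\program files\Registry Cleaner Trial",
]

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG.splitlines(), FLAGGED_DIRS):
        print(f"{finding.reason:12} {finding.line}")
```

The output is a review list, not a removal list: each flagged line still has to be confirmed by someone who knows what the entry belongs to before it is ticked in HijackThis.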

thanks again for helping me fix the malware issues

Post by btaplin » September 27th, 2006, 10:45 pm

I deleted the Registry Cleaner in add/remove programs. I downloaded it a while ago when I was trying to clean my pc of viruses. I only used it once. When I first went into safe mode to remove the files and folders you listed, I could not find the following:
c:\windows\inf\alchem.inf
c:\windows\inf\IPINSIGT.inf
c:\windows\inf\MSView.inf
I also have not found the infected Inbox file yet. I will keep looking and remove it when I locate it. I had some problems getting the computer into safe mode a few times. I got a "keyboard error" so I had to run some scans in normal that were identified "safe mode scans". I hope that it didn't ruin the results. I didn't remove Acoustica CD Label Maker because it is a frequently used application. I bought it online and I don't have the disk to re-install. I hope I can keep the program and it's not infected.

On another note, I am going on a family vacation and will be away for a week and a half (returning October 9th) so I won't be posting anything until then. Thanks again for your help. I really do appreciate it. My browser and computer speed is already a vast improvement over the days I first contacted MR. Things are looking up!

Here are my scans:
Kaspersky Log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, September 27, 2006 9:09:20 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/09/2006
Kaspersky Anti-Virus database records: 213719
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 95584
Number of viruses found: 12
Number of infected objects: 43 / 0
Number of suspicious objects: 1
Duration of the scan process: 01:48:02

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-09-27_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped
C:\Documents and Settings\bev\Application Data\SiteAdvisor\SiteAdv.csh Object is locked skipped
C:\Documents and Settings\bev\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Inbox arch 2002-2005.dbx/[From "Btaplin" <btaplin@juno.com>][Date Fri, 04 Mar 2005 21:36:14 +0100]/UNNAMED/977888.rar/dddd.exe Infected: Email-Worm.Win32.Bagle.pac skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Inbox arch 2002-2005.dbx/[From "Btaplin" <btaplin@juno.com>][Date Fri, 04 Mar 2005 21:36:14 +0100]/UNNAMED/977888.rar Infected: Email-Worm.Win32.Bagle.pac skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Inbox arch 2002-2005.dbx/[From "Btaplin" <btaplin@juno.com>][Date Fri, 04 Mar 2005 21:36:14 +0100]/UNNAMED Infected: Email-Worm.Win32.Bagle.pac skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Identities\{22EC0CF3-81F7-4841-81FA-78134B37A30D}\Microsoft\Outlook Express\Inbox arch 2002-2005.dbx Mail MS Outlook 5: infected - 3 skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\bev\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\bev\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bev\Local Settings\History\History.IE5\MSHist012006092720060928\index.dat Object is locked skipped
C:\Documents and Settings\bev\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\bev\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\bev\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\bev\UserData\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPStop.log Object is locked skipped
C:\Program Files\Norton AntiVirus\Quarantine\0D773405 Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DFF5B0D.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\0E03050A.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F396C69 Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\13F76384.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1A390B80.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\1D5436E2.html Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\255E0FDB Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\263964D3.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\26D95FB5 Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\2ECF36EE Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\306D42EB.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\32637DB5.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3566436F.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D4E793E.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D52233A.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\3ECF65A5 Infected: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\4035106D.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\47606568 Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\47C928A2 Infected: Trojan-Downloader.Win32.Agent.ex skipped
C:\Program Files\Norton AntiVirus\Quarantine\4E350F11.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped
C:\Program Files\Norton AntiVirus\Quarantine\53577AEE.htm Suspicious: Exploit.HTML.Mht skipped
C:\Program Files\Norton AntiVirus\Quarantine\536B76D8.ani Infected: Trojan-Downloader.Win32.Ani.b skipped
C:\Program Files\Norton AntiVirus\Quarantine\537474CD.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\53781ECA.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\5ADB4A3C.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\5BB33BF5 Infected: Trojan-Downloader.Win32.Wintool.f skipped
C:\Program Files\Norton AntiVirus\Quarantine\61C20A2A Infected: Trojan-Downloader.Win32.OneClickNetSearch.g skipped
C:\Program Files\Norton AntiVirus\Quarantine\642E4E28.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\68855786.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\697514A9 Infected: Trojan-Downloader.JS.IstBar.k skipped
C:\Program Files\Norton AntiVirus\Quarantine\6EED1A3E Infected: Trojan-Downloader.Win32.Agent.ex skipped
C:\Program Files\Norton AntiVirus\Quarantine\746A5FF5.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\746E09F1.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\78D0480D.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EBC2DDC.class Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7EC057D9.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\01FA5EC0.htm Infected: Trojan-Downloader.JS.IstBar.z skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\726F5EBB.cla Infected: Trojan.Java.ClassLoader.c skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\727208B8.cla Infected: Exploit.Java.ByteVerify skipped
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP676\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\SPOOL\PRINTERS\00015.SPL Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Ewido log:
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:34:40 PM 9/26/2006

+ Scan result:



HKU\S-1-5-21-126639907-2589800181-2619313026-1006\Software\saap -> Adware.180Solutions : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Altnet -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Altnet\Dashboard\Messages -> Adware.Altnet : Error during cleaning.
HKLM\SOFTWARE\Classes\CLSID\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} -> Adware.DeluxeCommunications : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP645\A0059801.exe -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\bev\Cookies\bev@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\bev\Cookies\bev@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\bev\Cookies\bev@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\bev\Cookies\bev@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc17.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\bev\Cookies\bev@need2find[2].txt -> TrackingCookie.Need2find : Cleaned.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc16.txt -> TrackingCookie.Sextracker : Cleaned.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc18.txt -> TrackingCookie.Sextracker : Cleaned.
C:\RECYCLER\S-1-5-21-126639907-2589800181-2619313026-500\Dc15.txt -> TrackingCookie.Wegcash : Cleaned.


::Report end




Logfile of HijackThis v1.99.1
Scan saved at 9:36:16 PM, on 9/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\system32\gearsec.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\SiteAdvisor\SiteAdv.exe
C:\Documents and Settings\bev\Desktop\virus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\SiteAdv.dll
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DIAGENT] C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\DIAGENT.EXE startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = C:\Program Files\Intuit\QuickBooks\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: symsupportutil - http://www.symantec.com/techsupp/active ... rtutil.CAB
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {072D3F2E-5FB6-11D3-B461-00C04FA35A21} (CFForm Runtime) - http://members.skatecanada.ca/CFIDE/classes/CFJava.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 8751276787
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/viru ... ebscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - http://www.symantec.com/techsupp/active ... veData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-l ... cfscan.cab
O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://costco.pnimedia.com/upload/activ ... .0.0.9.cab?
O17 - HKLM\System\CCS\Services\Tcpip\..\{B8D9D94A-E40E-4146-B7B5-E62B065A976C}: NameServer = 142.161.2.155 142.161.130.155
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
btaplin
Active Member
 
Posts: 5
Joined: September 20th, 2006, 9:05 pm

Post by amateur » September 28th, 2006, 7:43 am

Hi btaplin,

Thanks for the logs.

We've made good progress. It's looking much better.

Infected mail is in your Microsoft Outlook Express Inbox, sent on March 4, 2005, unnamed, by you from your account at juno.com.

=================================================

Let's do a couple more things. Update first and then scan with Adaware SE again. Sometimes it takes more than one scan to get it all.
Reboot (that's important).
===================================================

Download regsrch.zip to your Desktop.
1. Unzip the contents of RegSrch.zip to a convenient location.
2. Double-click on RegSrch.vbs.
3. Your anti-virus and other online scanners might prompt you about a running script.
4. Please ignore these warnings and allow the script to run.
5. In the "Enter search string (case insensitive) and click OK..." box, paste this string:

Altnet

6. Click "OK" to search the registry for that string.
7. Wait for a few minutes while it completes the search.
8. Click "OK" to open the results in WordPad.
9. Copy and paste the entire results into your next post.

Do the same for

180Solutions

===================================================

About Acoustica CD Label Maker\fileutil.dll: this file is used by an adware called Comet Cursor. You'll see the file listed towards the end. If you don't mind it, you can continue using it.

===================================================

Please empty your Recycle Bin and the Quarantine folder of your Norton AntiVirus.
  • Open Norton
  • Click Reports
  • Click View Quarantine
  • Highlight Quarantine items
  • Click Action (at top of box)
  • Click Delete. Make sure everything is deleted in the Quarantine list
  • Close Norton

====================================================

I am going on a family vacation and will be away for a week and a half (returning October 9th) so I won't be posting anything until then.


We still have some work to do, but have a nice vacation and we'll finish it up when you come back.
amateur
MRU Master
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Finally back to complete the job

Post by btaplin » October 18th, 2006, 8:32 pm

Sorry it took so long to get back to you after my time off. Thanks for being so patient with me through this whole process. I deleted all old email (older than September 2005) so I should be free of the March 2005 infected email. I ran Adaware and it showed infected files.
Adaware log:

Ad-Aware SE Build 1.06r1
Logfile Created on:Wednesday, October 18, 2006 3:33:02 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R128 18.10.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
IBIS Toolbar(TAC index:5):5 total references
MRU List(TAC index:0):39 total references
Tracking Cookie(TAC index:3):21 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


10-18-2006 3:33:02 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\bev\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\bev\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\creative tech\creative wavestudio\settings
Description : list of recently used directories in creative wavestudio


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\automap\8.0\findmru
Description : list of recently used find queries used in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\automap\8.0\recent file list
Description : list of recently used files in microsoft automap-based products


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\clipart gallery\2.0\mrudescription
Description : most recently used description in microsoft clipart gallery


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\mediaplayer\preferences
Description : last cd record path used in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\office\8.0\common\open find\microsoft powerpoint\settings\save as\file name mru
Description : list of recent documents saved by microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\office\8.0\excel\recent file list
Description : list of recent files used by microsoft excel


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\office\8.0\powerpoint\recent typeface list
Description : list of recently used typefaces in microsoft powerpoint


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\office\9.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\office\9.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\picture it! publishing\5.0\recent file list
Description : list of recently used files in microsoft picture it!


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent skins in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-126639907-2589800181-2619313026-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 572
ThreadCreationTime : 10-18-2006 8:05:12 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 620
ThreadCreationTime : 10-18-2006 8:05:14 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 644
ThreadCreationTime : 10-18-2006 8:05:15 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 688
ThreadCreationTime : 10-18-2006 8:05:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 700
ThreadCreationTime : 10-18-2006 8:05:16 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 868
ThreadCreationTime : 10-18-2006 8:05:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 956
ThreadCreationTime : 10-18-2006 8:05:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1060
ThreadCreationTime : 10-18-2006 8:05:17 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 10-18-2006 8:05:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1268
ThreadCreationTime : 10-18-2006 8:05:18 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1448
ThreadCreationTime : 10-18-2006 8:05:20 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [nhksrv.exe]
FilePath : C:\WINDOWS\
ProcessID : 152
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal


#:13 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 172
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 3.0.0.160
ProductVersion : 3.0.0.160
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2005 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:14 [ccproxy.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 192
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 103.0.8.2
ProductVersion : 103.0.8.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Network Proxy Service
InternalName : ccProxy
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccProxy.exe

#:15 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 208
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:16 [ctsvccda.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 196
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright (c) Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:17 [gearsec.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 240
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : gearsec
CompanyName : GEAR Software
FileDescription : gearsec
InternalName : gearsec
LegalCopyright : Copyright © 2001 GEAR Software
OriginalFilename : gearsec.exe

#:18 [issvc.exe]
FilePath : C:\Program Files\Norton Internet Security\
ProcessID : 260
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 8.0.5.14
ProductVersion : 8.0
ProductName : Norton Internet Security
CompanyName : Symantec Corporation
FileDescription : IS Service
InternalName : ISSVC.exe
LegalCopyright : Copyright (c) 2004 Symantec Corporation
OriginalFilename : ISSVC.exe

#:19 [navapsvc.exe]
FilePath : C:\Program Files\Norton Internet Security\Norton AntiVirus\
ProcessID : 288
ThreadCreationTime : 10-18-2006 8:06:26 PM
BasePriority : Normal
FileVersion : 11.0.16.2
ProductVersion : 11.0.16
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:20 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 308
ThreadCreationTime : 10-18-2006 8:06:27 PM
BasePriority : Normal
FileVersion : 5.13.01.1520
ProductVersion : 5.13.01.1520
ProductName : NVIDIA Driver Helper Service, Version 15.20
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 15.20
InternalName : NVSVC
LegalCopyright : Copyright © 1998-2001 NVIDIA Corporation
OriginalFilename : nvsvc32.exe

#:21 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 616
ThreadCreationTime : 10-18-2006 8:06:30 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:22 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 876
ThreadCreationTime : 10-18-2006 8:06:30 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright (c) 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:23 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 928
ThreadCreationTime : 10-18-2006 8:06:30 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 1012
ThreadCreationTime : 10-18-2006 8:06:31 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 478
ProductVersion : 1, 8, 54, 478
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:25 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 10-18-2006 8:06:31 PM
BasePriority : Normal
FileVersion : 7.00.00.1954
ProductVersion : 7.00.00.1954
ProductName : Microsoft (R) DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:26 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1188
ThreadCreationTime : 10-18-2006 8:06:31 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:27 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 472
ThreadCreationTime : 10-18-2006 8:06:42 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:28 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2900
ThreadCreationTime : 10-18-2006 8:16:29 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:29 [devldr32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2248
ThreadCreationTime : 10-18-2006 8:16:31 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 21
ProductVersion : 1, 0, 0, 21
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1997-2001 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:30 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 2316
ThreadCreationTime : 10-18-2006 8:16:31 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:31 [mm_tray.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 2736
ThreadCreationTime : 10-18-2006 8:16:41 PM
BasePriority : Normal
FileVersion : 9.00.5059
ProductVersion : 9.00.5059
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch, Inc.
FileDescription : mm_tray
InternalName : mm_tray
LegalCopyright : Copyright © Musicmatch 1998-2004
LegalTrademarks :
OriginalFilename : mm_tray.exe

#:32 [wkufind.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 2752
ThreadCreationTime : 10-18-2006 8:16:41 PM
BasePriority : Normal
FileVersion : 7.00.0709.0
ProductVersion : 7.00.0709.0
ProductName : Update Detection Module
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Update Detection
InternalName : WkUFind
LegalCopyright : Copyright © 1987-2002 Microsoft Corporation.
OriginalFilename : WkUFind.exe

#:33 [dellmmkb.exe]
FilePath : C:\WINDOWS\
ProcessID : 3608
ThreadCreationTime : 10-18-2006 8:16:44 PM
BasePriority : Normal
FileVersion : 2.0.0
ProductVersion : 2.0.0
ProductName : Netropa Hot Key
CompanyName : Netropa Corp.
FileDescription : Netropa(tm) Hot Key
InternalName : Netropa Hot Key
LegalCopyright : Copyright © 2000-2001 Netropa Corp.
OriginalFilename : nhk.exe

#:34 [osd.exe]
FilePath : C:\Program Files\Netropa\
ProcessID : 4036
ThreadCreationTime : 10-18-2006 8:16:45 PM
BasePriority : Normal
FileVersion : 2.02
ProductVersion : 2.02
ProductName : Onscreen Display
CompanyName : Netropa Corp.
FileDescription : Netropa(r) Onscreen Display
InternalName : OSD
LegalCopyright : Copyright © 1997-2001 Netropa Corp.
OriginalFilename : osd.exe

#:35 [directcd.exe]
FilePath : C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\
ProcessID : 4068
ThreadCreationTime : 10-18-2006 8:16:46 PM
BasePriority : Normal
FileVersion : 5.10 (105)
ProductVersion : 5.10 (105)
ProductName : DirectCD
CompanyName : Roxio
FileDescription : DirectCD Application
InternalName : DirectCD
LegalCopyright : Copyright © 2001, Roxio, Inc.
OriginalFilename : Directcd.exe

#:36 [diagent.exe]
FilePath : C:\Program Files\Creative\SBLive\Creative Diagnostics 2.0\
ProcessID : 4084
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal
FileVersion : 1.0.10.0
ProductVersion : 1.00.10
ProductName : Creative Diagnostics Agent
CompanyName : Creative Technology Ltd
FileDescription : Creative Diagnostics Agent
InternalName : Creative Diagnostics Agent
LegalCopyright : Copyright (C) 2001 Creative Technology Ltd
OriginalFilename : diagent.exe

#:37 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 4092
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:38 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 452
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal
FileVersion : 103.0.7.2
ProductVersion : 103.0.7.2
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:39 [mmtask.exe]
FilePath : C:\Program Files\MusicMatch\MusicMatch Jukebox\
ProcessID : 460
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal
FileVersion : 9.0.0.1
ProductVersion : 9.0.0.1
ProductName : Musicmatch Jukebox
CompanyName : Musicmatch Inc.
FileDescription : <Musicmatch System Tray Application>
InternalName : mmtask.exe
LegalCopyright : (c) Musicmatch Inc.. All rights reserved.
OriginalFilename : mmtask.exe

#:40 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_08\bin\
ProcessID : 1332
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal


#:41 [msmsgs.exe]
FilePath : C:\Program Files\Messenger\
ProcessID : 1964
ThreadCreationTime : 10-18-2006 8:16:47 PM
BasePriority : Normal
FileVersion : 4.7.3001
ProductVersion : Version 4.7.3001
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Windows Messenger
InternalName : msmsgs
LegalCopyright : Copyright (c) Microsoft Corporation 2004
LegalTrademarks : Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : msmsgs.exe

#:42 [monitor.exe]
FilePath : C:\Program Files\OLYMPUS\OLYMPUS Master\
ProcessID : 1992
ThreadCreationTime : 10-18-2006 8:16:48 PM
BasePriority : Normal


#:43 [wkcalrem.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\Works Shared\
ProcessID : 1104
ThreadCreationTime : 10-18-2006 8:16:50 PM
BasePriority : Normal
FileVersion : 6.00.1828.1
ProductVersion : 6.00.1828.1
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works Calendar Reminder Service
InternalName : WkCalRem
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WKCALREM.EXE

#:44 [osa.exe]
FilePath : C:\Program Files\Microsoft Office\Office\
ProcessID : 1680
ThreadCreationTime : 10-18-2006 8:16:50 PM
BasePriority : Normal


#:45 [qbdagent2002.exe]
FilePath : C:\Program Files\Intuit\QuickBooks\Components\QBAgent\
ProcessID : 2624
ThreadCreationTime : 10-18-2006 8:16:52 PM
BasePriority : Normal
FileVersion : 10, 1, 0, 0
ProductVersion : 10, 1, 0, 0
ProductName : QuickBooks
FileDescription : QBDAgent Module
InternalName : QBDAgent
LegalCopyright : Copyright © 1999-2002 by Intuit
LegalTrademarks : QuickBooks® and Quicken® are registered trademarks of Intuit Inc.
OriginalFilename : QBDAgent.EXE

#:46 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2124
ThreadCreationTime : 10-18-2006 8:17:17 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:47 [siteadv.exe]
FilePath : C:\Program Files\SiteAdvisor\4144\
ProcessID : 1928
ThreadCreationTime : 10-18-2006 8:17:36 PM
BasePriority : Normal
FileVersion : 1.6.0.23
ProductVersion : 1.6.0.23
ProductName : SiteAdvisor
CompanyName : McAfee, Inc.
FileDescription : SiteAdvisor
InternalName : SiteAdv
LegalCopyright : Copyright McAfee, Inc. All rights reserved.
OriginalFilename : SiteAdv

#:48 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1380
ThreadCreationTime : 10-18-2006 8:32:20 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 39


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:132
Value : Cookie:bev@hitbox.com/
Expires : 10-17-2007 9:04:56 PM
LastSync : Hits:132
UseCount : 0
Hits : 132

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@fastclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@fastclick.net/
Expires : 10-16-2008 8:41:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@spylog[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@spylog.com/
Expires : 4-7-2007 6:02:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@data.coremetrics[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bev@data.coremetrics.com/
Expires : 10-9-2021 8:31:08 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@citi.bridgetrack[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:17
Value : Cookie:bev@citi.bridgetrack.com/
Expires : 10-11-2007 11:00:00 PM
LastSync : Hits:17
UseCount : 0
Hits : 17

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@adrevolver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@media.adrevolver.com/adrevolver/
Expires : 7-9-2009 4:46:20 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@c5.zedo[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@c5.zedo.com/
Expires : 10-18-2006
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@adserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@ads.revsci.net/adserver
Expires : 10-9-2038 8:41:34 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:bev@atdmt.com/
Expires : 10-13-2011 7:00:00 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@advertising[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:bev@advertising.com/
Expires : 10-16-2011 8:41:34 PM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@maxserving[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:bev@maxserving.com/
Expires : 10-14-2016 9:04:56 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:6
Value : Cookie:bev@live365.com/
Expires : 10-12-2011 10:57:48 PM
LastSync : Hits:6
UseCount : 0
Hits : 6

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:14
Value : Cookie:bev@doubleclick.net/
Expires : 10-16-2009 8:59:58 PM
LastSync : Hits:14
UseCount : 0
Hits : 14

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@zedo[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:8
Value : Cookie:bev@zedo.com/
Expires : 10-14-2016 8:41:30 PM
LastSync : Hits:8
UseCount : 0
Hits : 8

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@adrevolver[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:bev@adrevolver.com/
Expires : 10-17-2007 1:36:30 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@ehg-dig.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:177
Value : Cookie:bev@ehg-dig.hitbox.com/
Expires : 10-17-2007 9:04:56 PM
LastSync : Hits:177
UseCount : 0
Hits : 177

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : bev@ehg-olympus.hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:18
Value : Cookie:bev@ehg-olympus.hitbox.com/
Expires : 10-9-2007 6:17:58 PM
LastSync : Hits:18
UseCount : 0
Hits : 18

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 56



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@doubleclick[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\alex\Cookies\alex@doubleclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@ehg-zazzle.hitbox[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\alex\Cookies\alex@ehg-zazzle.hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : alex@hitbox[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\alex\Cookies\alex@hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : murray@atdmt[2].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\murray\Cookies\murray@atdmt[2].txt

IBIS Toolbar Object Recognized!
Type : File
Data : A0063522.cfg
TAC Rating : 5
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP668\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 61


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 61




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_tbpssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\currentcontrolset\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : system\controlset001\enum\root\legacy_wintoolssvc

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
TAC Rating : 5
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\explorer
Value : ServerProc

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 65

3:55:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:22:57.31
Objects scanned:188571
Objects identified:26
Objects ignored:0
New critical objects:26

I also got a long list from the RegSrch on Alnet but nothing for 180Solutions:
REGEDIT4
; RegSrch.vbs © Bill James

; Registry search results for string "Alnet" 10/18/2006 7:12:15 PM

; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\realsched.exe]
@="RealNetworks Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{9E6AF5D5-3516-41c0-91C7-6460D2362198}]
@="RealNetworks Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67E76F1D-BDE2-4052-913C-2752366192D2}]
@="RealNetworks Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\pnm]
@="RealNetworks Streaming Protocol"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealPlayer.HWEventHandler]
@="RealNetworks Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\RealPlayer.HWEventHandler.1]
@="RealNetworks Scheduler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginFilePath]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\DirInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\FileInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\PluginInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\PluginInfo1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Gemini\0.1\Preferences\PluginHandlerData\PluginInfo2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg\7.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg\7.0\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg\7.0\Preferences\ClassName]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg\7.0\Preferences\LastSetupCommand]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Msg\7.0\Preferences\Title]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_Codecs]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_Common]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_EncSDK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_Objbrokr]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_Plugins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_RCAPlugins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\Preferences\DT_Update_OB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealBuildEngine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealBuildEngine\8.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealBuildEngine\8.0\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealBuildEngine\8.0\Preferences\Leftovers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealDownload]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealEncoder]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealEncoder\6.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealEncoder\6.0\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealEncoder\6.0\Preferences\Leftovers]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\DisplayName]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\1.0\Preferences\MainApp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\CurrentVersion]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\PluginsToDownload]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\Search Engines]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealJukebox\Search Engines\tcdinfo]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\Bandwidth]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\BufferedPlayTime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\CacheDefaultTTL]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\CacheFilename]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\ExternalResourcesDirectory]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\HTTPProxyAutoConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\HTTPProxySupport]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PerfectPlay]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PerfectPlayTime]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PerfPlayEntireClip]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\DirInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\FileInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\GUIDInfo0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\PluginInfo0]

All rights reserved.~Description~SIPod Crypt data source handler~GUIDInfo~S8F8698CE-5AF1-48D2-AF5666DD5707CE4A~PlgCopy~Shttp://www.real.com~PluginFilename~Sfpsechnd.dll~PluginType~SPLUGIN_SOURCE_HANDLER~SOURCE_HANDLER_GUID~S8F8698CE-5AF1-48D2-AF5666DD5707CE4A}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610721~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA HTTP File System with CHTTP Support~FileProtocol~Shttp|chttp~FileShort~Spn-http~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N1~LoadMultiple~N1~Version~N-1610612736~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA RFC 2397 Data Scheme File System~FileProtocol~Sdata~FileShort~Spn-datafsys~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shttpfsys.dll~PluginType~SPLUGIN_FILE_SYSTEM}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610612223~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA SDP Stream Description Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shxsdp.dll~PluginType~SPLUGIN_STREAM_DESC~StreamDescription~Sapplication/sdp}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610610088~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA XML Parser Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Shxxml.dll~PluginType~SPLUGIN_CLASS_FACT}{IndexNumber~N0~LoadMultiple~N1~Version~N-1610611561~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. 
Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA JPEG File Format Plugin~FileExtensions~Sjpg|jpeg|jpe|jfif~FileMime~Simage/jpeg~FileOpenNames~SJPEG Images (*.jpg)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N1~LoadMultiple~N1~Renderer_Granularity~N100~Version~N-1610611751~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA JPEG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-jpegstream}{IndexNumber~N2~LoadMultiple~N1~Version~N-1610611545~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA GIF File Format Plugin~FileExtensions~Sgif~FileMime~Simage/gif~FileOpenNames~SGIF File Format (*.gif)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N3~LoadMultiple~N1~Renderer_Granularity~N1000~Version~N-1610611734~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA GIF Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-gifstream|application/vnd.rn-gifstream2|application/vnd.rn-gifstream3}{IndexNumber~N4~LoadMultiple~N1~Version~N-1610611564~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. 
Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA PNG File Format Plugin~FileExtensions~Spng~FileMime~Simage/png~FileOpenNames~SPNG Images (*.png)~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_FILE_FORMAT}{IndexNumber~N5~LoadMultiple~N1~Renderer_Granularity~N200~Version~N-1610611755~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA PNG Renderer Plugin~PlgCopy~Shttp://www.helixcommunity.org~PluginFilename~Simgrender.dll~PluginType~SPLUGIN_RENDERER~RendererMime~Sapplication/vnd.rn-pngstream}{IndexNumber~N6~LoadMultiple~N1~Version~N-1610611566~Copyright~SCopyright(c) RealNetworks, Inc. 1995-2004. All rights reserved. Source code for this program is available under the RealNetworks Public Source License.~Description~SHelix DNA RealPix File Format Plugin~FileExtensions~Srp~FileMime~Sapplication/vnd.rn-realpix|image/vnd.rn-realpix~FileOpenNames~SRealPix (*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\PluginInfo1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\RealNetworks\RealMediaSDK\6.0\Preferences\PluginHandlerData\
btaplin
Active Member
 
Posts: 5
Joined: September 20th, 2006, 9:05 pm

Post by amateur » October 18th, 2006, 10:02 pm

Hi btaplin,

Welcome back. :)

Sorry it took so long to get back to you after my time off. Thanks for being so patient with me through this whole process.
No worries, I am still here.

I deleted all old email (older than September 2005) so I should be free of the March 2005 infected email. I ran Adaware and it showed infected files.
That's good.

Since it has been a while, I would like to have a fresh HijackThis log and new scan results from AVG Anti Spyware 7.5 (formerly known as Ewido) and the Panda online please.

While you were away, Ewido was bought by AVG and it's AVG Anti Spyware 7.5 now. Please go to Add/Remove Programs in your Control Panel and remove Ewido. Then, using Windows Explorer, navigate to the Ewido folder and delete it.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security:
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

Reboot your computer in Safe Mode using the F8 method below.
a. If the computer is running, shut down Windows, and then turn off the power.
b. Wait 30 seconds, and then turn the computer on.
c. Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
d. Ensure that the Safe Mode option is selected.
e. Press Enter. The computer then begins to start in Safe mode.

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

==============================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report and save it to your desktop.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry.

===============================================

Thanks
amateur
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Post by Nellie2 » November 17th, 2006, 8:33 pm

This topic is now closed due to inactivity. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK