Three scans... followed to the letter;
Rapport.txt;
SmitFraudFix v2.177
Scan done at 21:32:44.18, 08/05/2007
Run from F:\Documents and Settings\Home PC\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{7F871561-25B4-4694-95E0-8D7FFB470567}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7F871561-25B4-4694-95E0-8D7FFB470567}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7F871561-25B4-4694-95E0-8D7FFB470567}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
AVG Spyware Scan;
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 22:20:28 08/05/2007
+ Scan result:
F:\Program Files\HbTools\HBTV\uninstaller.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4C7BFA3B-2596-4FB3-A36D-55336C134842}\RP81\A0022264.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{192C5B4A-3EFD-40C7-9F99-C472DEB8EFC0} -> Adware.Generic : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\Cml.exe -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtCoreSrv.dll -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtGuard.exe -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtHostOE.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtHostOL.dll -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtInstIE.dll -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtOEAddOn.exe -> Adware.HotBar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtSrv.exe -> Adware.Hotbar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtToolbar.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\Bin\4.8.4.0\HbtWallpaper.dll -> Adware.Hotbar : Cleaned with backup (quarantined).
F:\Program Files\HbTools\HBTV\HBTVHelper.dll -> Adware.HotBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4C7BFA3B-2596-4FB3-A36D-55336C134842}\RP70\A0019566.exe -> Adware.HotBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4C7BFA3B-2596-4FB3-A36D-55336C134842}\RP81\A0022263.dll -> Adware.HotBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4C7BFA3B-2596-4FB3-A36D-55336C134842}\RP82\A0022384.exe -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.HbtCoreServices\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtCoreSrv.LfgAx\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtMailAnim\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtHostOL.HbtWebmailSend\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtSrv.HbtCoreServices\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtHtmlMenuUI\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl.1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CLSID -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\HbtToolbar.HbtToolbarCtl\CurVer -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\MachineInfo -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\Mail -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\PI -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\HbTools\Upgrade -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined).
HKLM\SOFTWARE\HbTools\Install\CmpMap -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Common -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Common\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Common\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\EUI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\HtmlPPP -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\ImagesHistory -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\MachineInfo -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\MultiUrl -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\PI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\PI\3.2 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\keren -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\nobbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\salespartion -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg860 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg861 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg887 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg888 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg889 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg910 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg914 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg915 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg940 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg941 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg942 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg943 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg946 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg947 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg948 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg955 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg956 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Sample\Hist\sg957 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\UserInfo -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\Weather -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\dynamicFail -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\mail -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\options -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HbTools\updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Install -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Install\Icons -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Install\Links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostIE -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostIE\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\Time\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\hostol -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\hostol\Mail -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\hostol\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-1801674531-329068152-2146984249-1003\Software\HbTools\hostol\soho -> Adware.HotBar : Cleaned with backup (quarantined).
::Report end
HiJackThis Scan;
Logfile of HijackThis v1.99.1
Scan saved at 22:22:02, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
F:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
F:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
F:\Program Files\Hijackthis\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - F:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar1.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - F:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe" -quiet
O8 - Extra context menu item: &eBay Search - res://F:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/200 ... plugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://earlofsabden.spaces.live.com//Ph ... nPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 5940666000
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadblocker.com/activex/sabspx.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - http://static.photobox.co.uk/sg/common/uploader_uni.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WgaLogon - F:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - F:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - F:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - F:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - F:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: MpService - Canon Inc - F:\Program Files\Canon\MultiPASS4\MPSERVIC.EXE
O23 - Service: NBService - Nero AG - F:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OwnershipProtocol - Unknown owner - F:\Program Files\Intel\Wireless\Bin\OProtSvc.exe (file missing)
Thanks..... Neil.