OK... Here are the Ewido Log followed by the latest HijackThis Log, both obtained as you suggested. Upon final reboot from Safe Mode, however, I could not resist three prompts from Ewido to remove three Trojans, so I had Ewido do a remove/clean. Thus, the HijackThis log does NOT show the 'eliteyub32.exe' registry entry that was there before. I had 295 'infections' in my Ewido Log, however, so there is more to clean up. I very much appreciate your suggestion about the Ewido Suite... it's sweet.
So, do I just use Ewido to clean/remove all infected files? Thank you again.
So, here are the logs mentioned above:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:38:44 PM, 6/24/2005
+ Report-Checksum: F366703A
+ Date of database: 6/24/2005
+ Version of scan engine: v3.0
+ Duration: 101 min
+ Scanned Files: 133455
+ Speed: 21.85 Files/Second
+ Infected files: 295
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
+ Scan result:
C:\WINDOWS\SYSTEM32\tool2_667279.exe -> Spyware.Beginto.c -> Ignored
C:\WINDOWS\SYSTEM32\uvknmz.exe -> TrojanDownloader.Qoologic.n -> Ignored
C:\WINDOWS\SYSTEM32\wintask.exe -> TrojanDownloader.Small.abd -> Ignored
C:\WINDOWS\SYSTEM32\wpavb.dat -> TrojanDownloader.Qoologic.n -> Ignored
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent.b -> Ignored
::Report End

Logfile of HijackThis v1.99.1
Scan saved at 6:45:27 PM, on 6/24/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\PROGRA~1\NORTON~1\WinFax\WFXMOD32.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe
C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\PopUpBuster\popupbuster.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Nikon\NkView4\NkVwMon.exe
C:\Program Files\Microsoft Office\Office10\msoffice.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [USB] C:\WINDOWS\system32\usb.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [WFXSwtch] C:\PROGRA~1\NORTON~1\WinFax\WFXSWTCH.exe
O4 - HKLM\..\Run: [checktime] c:\program files\HPSelect\Frontend\ct.exe
O4 - HKLM\..\Run: [DVDBitSet] "C:\Program Files\HP CD-DVD\Umbrella\DVDBitSet.exe" /NOUI
O4 - HKLM\..\Run: [DVDTray] "C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [WorkFlowTray] "C:\Program Files\ScanSoft\OmniPagePro14.0\WorkFlowTray.exe"
O4 - HKLM\..\Run: [Opware14] "C:\Program Files\ScanSoft\OmniPagePro14.0\Opware14.exe"
O4 - HKLM\..\Run: [OpScheduler] "C:\Program Files\ScanSoft\OmniPagePro14.0\OpScheduler.exe"
O4 - HKLM\..\Run: [PDF Converter Registry Controller] "C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\RegistryController.exe"
O4 - HKLM\..\Run: [SSPrnAgent] C:\Program Files\ScanSoft\OmniPagePro14.0\PdfPrn\SPrnAgent.exe
O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe -CheckReg
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [PopUp Buster+] C:\Program Files\PopUpBuster\popupbuster.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Spyware Cleaner] "C:\Program Files\Spyware Cleaner\SpywareCleaner.Exe" /boot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkVwMon.exe.lnk = C:\Program Files\Nikon\NkView4\NkVwMon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Open PDF in Word - res://C:\Program Files\ScanSoft\OmniPagePro14.0\PdfCnv\IEShellExt.dll /100
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe
O9 - Extra 'Tools' menuitem: Kill popup - {0A9F8624-4221-4508-9636-69ABD753695A} - C:\Program Files\PopUpBuster\popupbuster.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid= ... lcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsup ... SupCtl.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.i1.yimg.com/us.yimg.com/i/cha ... acscom.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v ... 5227135562
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsup ... mAData.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IncrediMail) - http://www5.incredimail.com/contents/se ... loader.cab
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper Home Edition\DKService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SpywareCleanerService - Unknown owner - C:\Program Files\Spyware Cleaner\SCService.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE