Hello Katana,
Here are all the logs from the tasks you asked me to do... hj log, uninstall log, combofix log and totalscan log..... cheers, D
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:14:08, on 13/02/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
C:\Program Files\EzButton\CPLDBL10.EXE
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\Program Files\TOSHIBA\Power Management\CePMTray.exe
O4 - HKLM\..\Run: [CPLDBL10] C:\Program Files\EzButton\CPLDBL10.EXE
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [QuickTime Task] C:\WINDOWS\System32\qttask.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [AS00_Gear511] C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe -hide
O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKCU\..\RunOnce: [] C:\Program Files\Internet Explorer\iexplore.exe http://www.symantec.com/techsupp/servle ... f.0000004b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe
O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/Shar ... vSniff.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409} (TotalScan Installer Class) - http://www.nanoscan.com/as/cabs/ascstubie.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 1122448515
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/Shar ... /cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 1123076500
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/softwa ... Plugin.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMe ... loader.cab
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\acs.exe
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: CeEPwrSvc - COMPAL ELECTRONIC INC. - C:\Program Files\TOSHIBA\Power Management\CeEPwrSvc.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
--
End of file - 6565 bytes
UNINSTALL LOG:
Adobe Flash Player 9 ActiveX
ALPS Touch Pad Driver
ArcSoft PhotoStudio 5.5
Canon CanoScan Toolbox 4.5
Canon iP4200
Canon Setup Utility 2.0
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
CD-LabelPrint
cia
D-Link RangeBooster N 650 DWA-645
DVD Solution
Easy Button
Easy-WebPrint
EndNote 8.0.2
EPSON PhotoQuicker3.5
EPSON Print CD
EPSON PRINT Image Framer Tool2.1
EPSON Printer Software
ESPR200 Reference Guide
ESPR200 Software Guide
FinePixViewer Resource
FinePixViewer Ver.5.1
FUJIFILM USB Driver
Google Earth
HijackThis 2.0.2
iKeyWorks 6.12
ImageMixer for Sony DVD Handycam
ImageMixer VCD for FinePix
ImageMixer VCD2 LE for FinePix
InCD
Intel(R) Extreme Graphics Driver
Internet Explorer Q831167
InterVideo WinDVD 4
ISI ResearchSoft - Export Helper
Java 2 Runtime Environment, SE v1.4.2
Kaspersky Internet Security 7.0
Kaspersky Internet Security 7.0
LG ODD Auto Firmware Update
Logitech Desktop Messenger
Logitech MouseWare 9.78
Logitech Print Service
Logitech QuickCam Software
Logitech Resource Center
Logitech® Camera Driver
Manual CanoScan 3200,3200F
Method Validator
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft Office XP Professional with FrontPage
MicroStaff WINASPI NT
Minitab Release 12
Multimedia Launcher
Nero OEM
NETGEAR 108 Mbps Wireless PC Card WG511T
OmniPage SE 2.0
Paint Shop Pro 7 Anniversary Edition
Panda TotalScan
PIF DESIGNER2.1
PowerDVD
PowerProducer
QuickTime
RAW FILE CONVERTER LE
Realtek AC'97 Audio
Realtek Fast Ethernet Adapter Driver
ScanToWeb
Sibelius Scorch (ActiveX Only)
SMSC IrCC Driver V5.1.2462.0 (WinXP)
Sony DVD Handycam USB Driver
TalkTalk Broadband
TOSHIBA ConfigFree
TOSHIBA Console
TOSHIBA Hotkey Utility
TOSHIBA Manuals
TOSHIBA Power Management Utility
Toshiba screensaver
TOSHIBA Software Modem
TouchPad On/Off Utility
Ulead DVD PictureShow 2 SE Basic
Update for Windows XP (KB898461)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows XP Hotfix - KB822603
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP2) [See Q329048 for more information]
Windows XP Hotfix (SP2) [See q329112 for more information]
Windows XP Hotfix (SP2) [See Q329115 for more information]
Windows XP Hotfix (SP2) [See Q329390 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329170
Windows XP Hotfix (SP2) q329623
Windows XP Hotfix (SP2) Q329834
Windows XP Hotfix (SP2) Q810565
Windows XP Hotfix (SP2) Q810577
Windows XP Hotfix (SP2) Q810583
Windows XP Hotfix (SP2) Q810833
Windows XP Hotfix (SP2) Q811048
Windows XP Hotfix (SP2) Q814033
===================
ComboFix 08-02-13.2 - David 2008-02-13 12:05:20.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.514 [GMT 0:00]
Running from: C:\Documents and Settings\David\Desktop\ComboFix.exe
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\SideFind
C:\RECYCLER\desktop.ini
C:\setup.exe
.
((((((((((((((((((((((((( Files Created from 2008-01-13 to 2008-02-13 )))))))))))))))))))))))))))))))
.
2008-02-13 11:25 . 2008-02-13 11:25 68,456 --a------ C:\Documents and Settings\David\Application Data\GDIPFONTCACHEV1.DAT
2008-02-12 15:27 . 2008-02-12 15:27 <DIR> d-------- C:\Program Files\Microsoft ActiveSync
2008-02-12 15:26 . 2008-02-12 15:26 <DIR> d-------- C:\WINDOWS\ShellNew
2008-02-12 11:49 . 2008-02-12 11:49 <DIR> d-------- C:\Documents and Settings\David\Application Data\Microsoft Web Folders
2008-02-01 12:12 . 2008-02-01 12:12 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 11:51 . 2008-02-01 11:51 268 --ah-c--- C:\sqmdata01.sqm
2008-02-01 11:51 . 2008-02-01 11:51 244 --ah-c--- C:\sqmnoopt01.sqm
2008-02-01 10:07 . 2008-02-01 10:07 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-02-01 10:06 . 2006-05-26 15:29 999,808 -ra------ C:\WINDOWS\system32\drivers\ar5416.sys
2008-02-01 10:05 . 2008-02-01 10:05 <DIR> d-------- C:\WINDOWS\pcidevice
2008-02-01 10:05 . 2008-02-01 10:05 <DIR> d-------- C:\Program Files\D-Link
2008-01-27 11:16 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-27 11:16 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-27 11:15 . 2008-01-27 11:15 <DIR> d-------- C:\WINDOWS\system32\bits
2008-01-27 11:13 . 2008-01-28 15:05 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-01-27 11:13 . 2005-02-25 03:35 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-01-23 23:12 . 2008-02-01 08:46 91,700 --a------ C:\WINDOWS\system32\drivers\klin.dat
2008-01-23 23:12 . 2008-01-23 23:12 85,860 --a------ C:\WINDOWS\system32\drivers\klick.dat
2008-01-23 23:11 . 2008-01-23 23:11 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-23 23:11 . 2008-02-13 10:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-01-23 23:11 . 2008-02-13 12:08 3,168,288 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-01-23 23:11 . 2008-02-13 12:08 70,432 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.dat
2008-01-23 23:11 . 2008-02-13 10:55 44,144 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-01-23 23:11 . 2008-02-13 10:55 8,384 --ahs---- C:\WINDOWS\system32\drivers\fidbox2.idx
2008-01-23 23:09 . 2008-01-23 23:09 <DIR> d-------- C:\kav
2008-01-23 22:33 . 2004-02-22 20:08 1,112,347 --a--c--- C:\Geoff & Lisa's Wedding 21st Sept 2002 038.jpg
2008-01-23 21:11 . 2004-07-01 22:08 361,984 --a--c--- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-01-23 21:11 . 2004-07-01 22:08 331,776 --a------ C:\WINDOWS\system32\winhttp.dll
2008-01-23 21:11 . 2004-07-01 22:08 331,776 --a--c--- C:\WINDOWS\system32\dllcache\winhttp.dll
2008-01-23 21:11 . 2004-06-30 23:59 158,720 --------- C:\WINDOWS\system32\xpob2res.dll
2008-01-23 21:11 . 2004-07-01 22:08 17,408 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-01-23 21:11 . 2004-07-01 22:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-01-23 21:11 . 2004-07-01 22:08 7,680 -----c--- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-01-23 21:11 . 2004-07-01 22:08 7,680 --------- C:\WINDOWS\system32\bitsprx2.dll
2008-01-23 21:11 . 2004-07-01 22:08 7,168 -----c--- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-01-23 21:11 . 2004-07-01 22:08 7,168 --------- C:\WINDOWS\system32\bitsprx3.dll
2008-01-23 21:08 . 2007-07-30 19:19 43,352 --a------ C:\WINDOWS\system32\wups2.dll
2008-01-23 21:08 . 2007-07-30 19:18 34,136 --a------ C:\WINDOWS\system32\wucltui.dll.mui
2008-01-23 21:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuaucpl.cpl.mui
2008-01-23 21:08 . 2007-07-30 19:19 25,944 --a------ C:\WINDOWS\system32\wuapi.dll.mui
2008-01-23 21:08 . 2007-07-30 19:18 20,312 --a------ C:\WINDOWS\system32\wuaueng.dll.mui
2008-01-23 19:54 . 2008-01-23 19:54 268 --ah-c--- C:\sqmdata00.sqm
2008-01-23 19:54 . 2008-01-23 19:54 244 --ah-c--- C:\sqmnoopt00.sqm
2008-01-23 19:47 . 2008-01-23 19:47 <DIR> d-------- C:\Documents and Settings\David\Application Data\Ulead Systems
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-13 10:56 --------- d-----w C:\Program Files\lg_fwupdate
2008-02-01 10:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-23 20:19 --------- d-----w C:\Program Files\Google
2008-01-23 19:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-23 19:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-17 12:40 --------- d-----w C:\Documents and Settings\Lisa\Application Data\Symantec
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTITL.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSTEXT.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSTMP.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSPEC.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSSCRP.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSREH_.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSMET_.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRSCHOR.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\RPRS____.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSTEXT.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSSE__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSS___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSROMC.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSPC__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSP___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSO___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSNN__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSM___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSJAPC.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFS__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFBE_.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSFB__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCSC_.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSCS__.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUSC___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\OPUS____.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INKPEN2_.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2TEXT.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SPEC.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2SCRI.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2METR.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\INK2CHOR.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELST___.FOT
2008-01-06 20:52 1,409 ----a-w C:\WINDOWS\Fonts\HELSS___.FOT
2008-01-06 20:52 --------- d-----w C:\Documents and Settings\Lisa\Application Data\Sibelius Software
2008-01-06 20:51 1,409 ----a-w C:\WINDOWS\Fonts\HELSM___.FOT
2008-01-06 20:51 1,409 ----a-w C:\WINDOWS\Fonts\HELSINKI.FOT
2008-01-06 20:51 --------- d-----w C:\Program Files\Sibelius Software
2008-01-06 16:30 --------- d-----w C:\Documents and Settings\Lisa\Application Data\Lavasoft
2007-12-18 00:44 219,664 ----a-w C:\WINDOWS\system32\klogon.dll
2007-12-18 00:43 23,396 ----a-w C:\WINDOWS\system32\drivers\klopp.dat
2007-12-13 13:28 24,592 ----a-w C:\WINDOWS\system32\drivers\klim5.sys
2005-01-04 21:20 59,120 ----a-w C:\Documents and Settings\Lisa\Application Data\GDIPFONTCACHEV1.DAT
2004-11-13 21:30 99 ----a-w C:\Documents and Settings\Lisa\x.bat
2004-11-13 21:30 99 ----a-w C:\Documents and Settings\Geoff\x.bat
2004-10-01 15:00 40,960 ----a-w C:\Program Files\Uninstall_CDS.exe
2001-04-01 03:00 26,538 -c--a-w C:\Program Files\EXACT2XK.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"@"="C:\Program Files\Internet Explorer\iexplore.exe" [2002-08-29 13:00 91136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2003-05-29 15:26 155648]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2003-05-29 15:14 114688]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-06-18 12:44 151552]
"CeEPOWER"="C:\Program Files\TOSHIBA\Power Management\CePMTray.exe" [2003-07-23 17:03 135168]
"CPLDBL10"="C:\Program Files\EzButton\CPLDBL10.EXE" [2003-07-03 18:34 204800]
"CeEKEY"="C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe" [2003-07-29 15:19 638976]
"TPNF"="C:\Program Files\TOSHIBA\TouchPad\TPTray.exe" [2003-07-18 14:24 49152]
"QuickTime Task"="C:\WINDOWS\System32\qttask.exe" [2003-12-25 13:07 28672]
"Logitech Utility"="Logi_MwX.Exe" [2003-06-30 09:50 19968 C:\WINDOWS\LOGI_MWX.EXE]
"EPSON Stylus Photo R200 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I0H2.exe" [2003-09-11 03:00 99840]
"AS00_Gear511"="C:\Program Files\NETGEAR\WG511SCU\Utility\Gear511.exe" [2003-07-31 02:52 401408]
"LGODDFU"="C:\Program Files\lg_fwupdate\fwupdate.exe" [2005-04-12 10:11 229376]
"LVCOMSX"="C:\WINDOWS\System32\LVCOMSX.EXE" [2004-10-08 11:52 221184]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 21:32 53248]
"AVP"="C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" [2007-12-18 00:43 227856]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]
Wireless Connection Manager.lnk - C:\Program Files\D-Link\D-Link RangeBooster N 650 DWA-645\wirelesscm.exe [2008-02-01 10:05:46 5644288]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^DSLMON.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DSLMON.lnk
backup=C:\WINDOWS\pss\DSLMON.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup=C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easy-PrintToolBox]
--a------ 2004-01-14 01:10 409600 C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iKeyWorks]
--a------ 2003-02-21 16:40 73728 C:\PROGRA~1\A4Tech\Keyboard\Ikeymain.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--------- 2005-07-08 14:25 1397760 C:\Program Files\Ahead\InCD\InCD.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-01-18 17:07 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-01-18 17:47 458752 C:\Program Files\Logitech\Video\ISStart.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-01-18 17:37 217088 C:\Program Files\Logitech\Video\LogiTray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
--------- 2005-06-02 16:03 1957888 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
--a------ 2003-05-08 12:00 49152 C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerBar]
--------- 2004-04-21 10:26 86016 C:\Program Files\CyberLink DVD Solution\Multimedia Launcher\PowerBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-12-08 17:35 32768 C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows ControlAd]
C:\Program Files\Windows ControlAd\WinCtlAd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\XdPULD8]
C:\WINDOWS\tkliwfkt.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]úü‰üžiC:]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]úü‰üžiC:\Program Files]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]úü‰üžiC:\Program Files\ISTsvc]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\¢‰¸u0Ô@ÔÁÐ]úü‰üžiC:\Program Files\ISTsvc\istsvc.exe]
C:\WINDOWS\tkliwfkt.exe
R0 sonypvl2;sonypvl2;C:\WINDOWS\System32\drivers\sonypvl2.sys [2003-07-25 15:02]
R1 sonypvf2;sonypvf2;C:\WINDOWS\System32\drivers\sonypvf2.sys [2004-04-08 11:04]
R1 sonypvt2;sonypvt2;C:\WINDOWS\System32\drivers\sonypvt2.sys [2003-08-20 10:44]
R2 DPortIO;Dritek Port I/O Driver;C:\WINDOWS\System32\Drivers\DPortIO.sys [2001-04-12 14:04]
R3 AWINDIS5;AWINDIS5 Protocol Driver;C:\WINDOWS\System32\AWINDIS5.SYS [2002-04-11 17:43]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\System32\DRIVERS\klim5.sys [2007-12-13 13:28]
R3 TOSHIBASoftModem;TOSHIBA Software Modem;C:\WINDOWS\System32\DRIVERS\LTSM.sys [2002-09-17 14:12]
S1 sonypvd2;sonypvd2;C:\WINDOWS\System32\DRIVERS\sonypvd2.sys [2003-06-24 10:29]
S2 ISEXEng;ISEXEng;C:\WINDOWS\System32\angelex.exe []
S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;C:\WINDOWS\System32\DRIVERS\Amps2prt.sys []
S3 NETGEAR_WG511_SERVICE;NETGEAR WG511T Wireless Adapter Service;C:\WINDOWS\System32\DRIVERS\wg511nd5.sys [2003-06-20 13:47]
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-13 12:08:41
Windows 5.1.2600 Service Pack 1 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-13 12:09:47
ComboFix-quarantined-files.txt 2008-02-13 12:09:32
.
2008-01-27 11:15:22 --- E O F ---
============================================
TOTALSCAN LOG:
;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-02-13 14:10:22
PROTECTIONS: 0
MALWARE: 99
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00000431 adware/ist.istbar Adware No 1 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\istsvc
00001888 adware/dyfuca Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\internet optimizer
00020302 adware/ncase Adware No 0 Yes No c:\temp\salm_kyf.dat
00020302 adware/ncase Adware No 0 Yes No c:\temp\salmau.dat
00020302 adware/ncase Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sais
00020302 adware/ncase Adware No 0 Yes No c:\temp\fleok
00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\system32\vx1x.nls
00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\system32\vx1.nls
00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\system32\vx3.nls
00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\system32\vx3x.nls
00020942 adware/exact.bargainbuddy Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\bargainbuddy
00020942 adware/exact.bargainbuddy Adware No 0 Yes No hkey_local_machine\system\controlset001\services\isexeng
00020942 adware/exact.bargainbuddy Adware No 0 Yes No hkey_local_machine\system\currentcontrolset\services\isexeng
00020942 adware/exact.bargainbuddy Adware No 0 Yes No c:\windows\system32\vx0.nls
00027660 adware/savenow Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{618be527-b7f5-417c-bc51-98fdc2d6de61}
00034463 adware/wupd Adware No 0 Yes No hkey_local_machine\software\windows controlad
00034463 adware/wupd Adware No 0 Yes No c:\program files\windows controlad
00035917 adware/ist.sidefind Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\sidefind
00039209 adware/virtualbouncer Adware No 0 Yes No c:\program files\vbouncer
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\clsid\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\clsid\{310cc549-4541-46a9-940f-52b342a6e682}
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\system\controlset001\enum\root\legacy_wintoolssvc
00040415 adware/wintools Adware No 0 Yes No HKEY_CLASSES_ROOT\Interface\{d1951679-1d52-43fc-9585-0737143585f5}
00040415 adware/wintools Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{310cc549-4541-46a9-940f-52b342a6e682}
00040415 adware/wintools Adware No 0 Yes No HKEY_LOCAL_MACHINE\software\classes\CLSID\{8b0fa130-0c3d-4cb1-aeb7-2c29da5509a3}
00040415 adware/wintools Adware No 0 Yes No c:\documents and settings\all users\start menu\programs\web search tools
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\tbps.plugininst
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\tbps.plugindown
00040415 adware/wintools Adware No 0 Yes No hkey_local_machine\software\classes\tbps.plugininst
00040415 adware/wintools Adware No 0 Yes No hkey_classes_root\tbps.plugindown
00040467 adware/elitebar Adware No 1 Yes No hkey_local_machine\software\ohbbackup
00040467 adware/elitebar Adware No 1 Yes No c:\windows\downloaded program files\osdeb.osd
00045952 spyware/media-motor Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{ad29366c-63aa-4ff3-944f-91ad7193bca2}
00045952 spyware/media-motor Spyware No 1 Yes No HKEY_CLASSES_ROOT\Interface\{674A6BD5-317A-49CF-9647-1E085E660CE0}
00047660 adware/sqwire Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\tsa
00047993 adware/powerscan Adware No 0 Yes No c:\program files\power scan
00048498 adware/topconvert Adware No 1 Yes No c:\program files\topconverting
00048546 adware/searchrelevancy Adware No 0 Yes No hkey_local_machine\software\searchrelevancy
00125133 Spyware/Media-motor Spyware No 1 Yes No C:\WINDOWS\LastGood\Downloaded Program Files\mm21.INF
00125133 Spyware/Media-motor Spyware No 1 Yes No C:\WINDOWS\Downloaded Program Files\CONFLICT.1\mm21.INF
00132742 Adware/IST.ISTBar Adware No 1 Yes No C:\WINDOWS\LastGood\Downloaded Program Files\istactivex.inf
00139059 Cookie/Traffic Marketplace TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@trafficmp[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@casalemedia[1].txt
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@casalemedia[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@doubleclick[1].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@atdmt[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@atdmt[2].txt
00144497 Cookie/Intelli-tracker TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www.intelli-tracker[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@tradedoubler[1].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@tradedoubler[1].txt
00145396 Cookie/Slotch TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@www.slotch[2].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@247realmedia[1].txt
00145405 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@247realmedia[1].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@bfast[2].txt
00145453 Cookie/Bfast TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@bfast[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@fastclick[2].txt
00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@fastclick[2].txt
00145466 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@servedby.advertising[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@tribalfusion[2].txt
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@tribalfusion[2].txt
00145732 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@as-eu.falkag[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@mediaplex[1].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@mediaplex[1].txt
00147824 Cookie/Clickbank TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@clickbank[1].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@revenue[2].txt
00159564 Cookie/WUpd TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@revenue[2].txt
00160284 Cookie/Findwhat TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@findwhat[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@com[2].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@com[2].txt
00167670 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@seeq[1].txt
00167671 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@domainsponsor[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@landing.domainsponsor[1].txt
00167672 Cookie/DomainSponsor TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@landing.domainsponsor[1].txt
00167690 Cookie/Rightmedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@rightmedia[2].txt
00167691 Cookie/ademails TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www.ademails[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@xiti[1].txt
00167704 Cookie/Xiti TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@xiti[1].txt
00167733 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@z1.adserver[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@statcounter[1].txt
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@statcounter[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@counter.hitslink[2].txt
00167760 Cookie/Hitslink TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@counter.hitslink[2].txt
00167765 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@hg1.hitbox[1].txt
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www.web-stat[1].txt
00167774 Cookie/web-stat TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@www.web-stat[1].txt
00167790 Cookie/Qsrch TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@qsrch[2].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@perf.overture[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@perf.overture[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@ad.yieldmanager[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@apmebf[1].txt
00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@apmebf[1].txt
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@burstnet[1].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@serving-sys[2].txt
00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@serving-sys[1].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@bs.serving-sys[2].txt
00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@bs.serving-sys[1].txt
00168095 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@888[1].txt
00168102 Cookie/Falkag TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@as1.falkag[1].txt
00168106 Cookie/Weborama TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@weborama[1].txt
00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@adtech[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@server.iad.liveperson[2].txt
00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@server.iad.liveperson[1].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@stat.onestat[2].txt
00168114 Cookie/onestat.com TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@stat.onestat[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@advertising[2].txt
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@advertising[1].txt
00169287 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@adrevolver[2].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@statse.webtrendslive[1].txt
00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@statse.webtrendslive[1].txt
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@ads.pointroll[1].txt
00170550 Cookie/Humanclick TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@hc2.humanclick[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@overture[2].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@overture[1].txt
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@overture[1].txt
00170556 Cookie/RealMedia TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@realmedia[1].txt
00171633 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@cgi-bin[2].txt
00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@questionmarket[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\David\Cookies\david@zedo[1].txt
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@zedo[2].txt
00172483 Cookie/888 TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@888[2].txt
00172484 Cookie/Cassava TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@cassava[1].txt
00173480 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc4\bb_welcome.html
00173484 Adware/Exact.BargainBuddy Adware No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc4\icon.gif
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@bluestreak[2].txt
00173520 Cookie/Bluestreak TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@bluestreak[1].txt
00173905 Cookie/Xmts TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@xmts[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@phg.hitbox[1].txt
00182104 Cookie/Hitbox TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@phg.hitbox[1].txt
00184846 Cookie/Adrevolver TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@adrevolver[3].txt
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@bravenet[2].txt
00187951 Cookie/seeqA TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www.seeq[1].txt
00199981 Cookie/Seeq TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www48.seeq[1].txt
00199982 Cookie/Buydomains TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@www47.buydomains[1].txt
00199983 Cookie/Valueclick TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@valueclick[1].txt
00199984 Cookie/Searchportal TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@searchportal.information[1].txt
00207712 Cookie/360i TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@ct.360i[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@did-it[2].txt
00207862 Cookie/did-it TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@did-it[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Guest\Cookies\guest@adviva[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@adviva[1].txt
00207936 Cookie/Adviva TrackingCookie No 0 Yes No C:\Documents and Settings\Geoff\Cookies\geoff@adviva[2].txt
00216065 Cookie/Screensavers TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@i.screensavers[2].txt
00239129 Bat/Ydos Virus/Trojan No 0 Yes No C:\WINDOWS\system32\x.bat
00239129 Bat/Ydos Virus/Trojan No 0 Yes No C:\Documents and Settings\Lisa\x.bat
00239129 Bat/Ydos Virus/Trojan No 0 Yes No C:\Documents and Settings\Geoff\x.bat
00249100 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@cgi-bin[3].txt
00262020 Cookie/Atwola TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@atwola[2].txt
00293517 Cookie/AdDynamix TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@ads.addynamix[2].txt
00783492 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{1B16EE2E-9342-4425-8B41-1D61C85150F7}\RP322\A0060010.exe
01185375 Application/Psexec.A HackTools No 0 Yes No C:\System Volume Information\_restore{1B16EE2E-9342-4425-8B41-1D61C85150F7}\RP337\A0062944.EXE
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\David\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No C:\Documents and Settings\David\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\System Volume Information\_restore{1B16EE2E-9342-4425-8B41-1D61C85150F7}\RP337\A0062967.com
01262593 Application/NirCmd.A HackTools No 0 Yes No C:\WINDOWS\Nircmd.exe
01606636 Cookie/Adserver TrackingCookie No 0 Yes No C:\Documents and Settings\Lisa\Cookies\lisa@adserver.easyad[2].txt
02830496 Generic Malware Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc2\Sy1150\Html\f_popo1150c_ub.htm
02839209 Generic Malware Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc2\Sy1150\Html\popo1150c.htm
02839400 Generic Malware Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc2\Sy1150\Html\spec1150c.htm
02839485 Generic Malware Virus/Trojan No 0 Yes No C:\RECYCLER\S-1-5-21-2517080302-2525449139-3568871726-1005\Dc2\Sy1150\Html\foot1150c_ub.htm
;===================================================================================================================================================================================
SUSPECTS
Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
------ end of Totalscan Report ----------