Thread: virsuses
View Single Post
Old 10-11-2005, 05:59 PM   #7 (permalink)
Dmvgal
Registered User
 
Join Date: Nov 2004
Location: new york state
Posts: 55
OS: Windows xp home


I think I have done everything. Here are the logs. They are too long so they will be in 2 posts

ogfile of HijackThis v1.99.1
Scan saved at 7:50:42 PM, on 10/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\Program Files\hijackthis\security suite\ewidoctrl.exe
C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1128096398\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128096398\ee\AOLServiceHost.exe
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Rar$EX00.312\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://newyork.yankees.mlb.com/NASAp...x.jsp?c_id=nyy
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [PCDRealtime] C:\WINDOWS\realtime.exe
O4 - HKLM\..\Run: [Error Nuker 2004] C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe"
O4 - HKLM\..\Run: [VetTray] C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128096398\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [ipea32.exe] C:\WINDOWS\system32\ipea32.exe
O4 - HKLM\..\Run: [winue32.exe] C:\WINDOWS\system32\winue32.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1099174164045
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7CA3D0A3-7E2E-4AAB-A75E-FAB8ECA8BD95} (Skilljam Game Player Object) - http://boxerjam.skilljam.com/ssp/SSP.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O16 - DPF: {E6EB803E-DD89-11D3-80C4-0050DA2E09D0} (LightSurfUploadCtl Class) - http://picturecenter.kodak.com/activ...oadControl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/is...06/mcfscan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\hijackthis\security suite\ewidoctrl.exe
O23 - Service: GhostStartService - Symantec Corporation - C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


I

Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\P2P Networking\Clients'
Found '' in 'SOFTWARE\Altnet'
Found '' in 'SOFTWARE\Altnet\Dashboard'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'PMversion' in 'SOFTWARE\Altnet\Dashboard'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found 'ThreadingModel' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{EDD3B3E9-3FFD-4836-A6DE-D4A9C473A971}\1.0\HELPDIR'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\INSTAFINK'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Way Speedbar Uninstall'
Found '' in 'SOFTWARE\Classes\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.SettingsPlugin.1'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.SettingsPlugin'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.NetscapeStartup.1'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.NetscapeStartup'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.NetscapeShutdown.1'
Found '' in 'SOFTWARE\Classes\MyWayToolBar.NetscapeShutdown'
Found '' in 'SOFTWARE\Classes\CLSID\{0494D0DB-F8E0-41ad-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\CLSID\{0494D0D7-F8E0-41ad-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\CLSID\{0494D0D5-F8E0-41ad-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\CLSID\{0494D0D3-F8E0-41ad-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\CLSID\{0494D0D2-F8E0-41ad-92A3-14154ECE70AC}'
Found '' in 'SOFTWARE\Classes\CLSID\{014DA6CD-189F-421a-88CD-07CFE51CFF10}'
Found '' in 'SOFTWARE\Classes\Interface\{508EBE65-E39D-4363-8041-E647B4F6F4E1}'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Found 'Ab scissor.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Broadband comparison.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Credit counseling.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Credit report.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Crm software.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Debt credit card.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Escorts.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Fha.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Health insurance.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Help desk software.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Insurance home.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Loan for debt consolidation.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Loan for people with bad credit.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Marketing email.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Mortgage insurance.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Nevada corporations.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Online Betting Site.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Online gambling casino.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Online instant loan.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Order phentermine.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Payroll advance.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Personal loans online.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Personal loans with bad credit.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Prescription Drugs Rx Online.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Refinancing my mortgage.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Tahoe vacation rental.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Unsecured bad credit loans.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'Videos.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Found 'What is hydrocodone.url' in 'C:\Documents and Settings\Owner\Favorites\Sites about\'
Files and Directories
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found 'np.tmp' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\MaxSpeed'
Found '' in 'C:\Program Files\MyWay'
Found '' in 'C:\Program Files\NewDotNet'
Found 'sepsd.bin' in 'C:\WINDOWS'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SOFTWARE\Altnet'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SOFTWARE\Altnet\Dashboard'. Error=5.
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\BGP2P\plugins.htm' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\plugins.htm' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\plugins.htm'
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\versions.dat'
Checking for 'C:\Program Files\Kazaa\data\{025FF639-156F-D499-5053-B52AD31B11ED}' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\data\{025FF639-156F-D499-5053-B52AD31B11ED}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{025FF639-156F-D499-5053-B52AD31B11ED}'
Checking for 'C:\Program Files\Kazaa\data\{10239BE6-692B-3EDE-8ED5-B5A9BCEBBAA0}' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\data\{10239BE6-692B-3EDE-8ED5-B5A9BCEBBAA0}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{10239BE6-692B-3EDE-8ED5-B5A9BCEBBAA0}'
Checking for 'C:\Program Files\Kazaa\data\{5270E3A8-45ED-82BF-2792-B2D730F5F4CD}' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\data\{5270E3A8-45ED-82BF-2792-B2D730F5F4CD}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{5270E3A8-45ED-82BF-2792-B2D730F5F4CD}'
Checking for 'C:\Program Files\Kazaa\data\{89B2F3B1-1FEC-F9BB-D0A7-FD9CC5604955}' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\data\{89B2F3B1-1FEC-F9BB-D0A7-FD9CC5604955}' in startup areas.
Cleaning 'C:\Program Files\Kazaa\data\{89B2F3B1-1FEC-F9BB-D0A7-FD9CC5604955}'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-050323.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-050323.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-050323.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\np.tmp'
Checking for 'C:\Program Files\Kazaa\Db\ova4-050325.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ova4-050325.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ova4-050325.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-050323a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323b.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-050323b.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-050323b.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\02 Number One Spot.wma' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\02 Number One Spot.wma' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\02 Number One Spot.wma'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\04 - Look At Me Now.mp3' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\04 - Look At Me Now.mp3' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\04 - Look At Me Now.mp3'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Akon Trouble 8 Lonely.mp3' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Akon Trouble 8 Lonely.mp3' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\Akon Trouble 8 Lonely.mp3'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\download111227428345394421.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\download111227428345394421.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\download111227428345394421.dat'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\download111227429645408156.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\download111227429645408156.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\download111227429645408156.dat'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Hate It or Love It [G-Unit Remix].wma' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Hate It or Love It [G-Unit Remix].wma' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\Hate It or Love It [G-Unit Remix].wma'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Hush.wma' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\Hush.wma' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\Hush.wma'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa300_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\np.tmp' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\np.tmp'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db\np.tmp' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\MaxSpeed' in shortcut areas.
Checking for 'C:\Program Files\MaxSpeed' in startup areas.
Cleaning 'C:\Program Files\MaxSpeed'
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.BMP'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER.DAT'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER2.DAT'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER3.DAT'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER4.DAT'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER5.DAT'
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\1.bin\PARTNER6.DAT'
Checking for 'C:\Program Files\MyWay\myBar\Cache\055C2CAC' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Cache\055C2CAC' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Cache\055C2CAC'
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF145.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF145.bin' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Cache\0ADFF145.bin'
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF26E.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF26E.bin' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Cache\0ADFF26E.bin'
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF396.bin' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Cache\0ADFF396.bin' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Cache\0ADFF396.bin'
Checking for 'C:\Program Files\MyWay\myBar\Cache\files.ini' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Cache\files.ini' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Cache\files.ini'
Checking for 'C:\Program Files\MyWay\myBar\History\search' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\History\search' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\History\search'
Checking for 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm'
Checking for 'C:\Program Files\NewDotNet' in shortcut areas.
Checking for 'C:\Program Files\NewDotNet' in startup areas.
Cleaning 'C:\Program Files\NewDotNet'
Checking for 'C:\WINDOWS\sepsd.bin' in shortcut areas.
Checking for 'C:\WINDOWS\sepsd.bin' in startup areas.
Cleaning 'C:\WINDOWS\sepsd.bin'
Finished Cleaning


ewido security suite - Process report
---------------------------------------------------------

+ Created on: 5:30:01 PM, 10/11/2005
+ Report-Checksum: D0C1CFB2

0: System Process
4: System Process
124: C:\Program Files\hijackthis\security suite\ewidoctrl.exe
152: C:\WINDOWS\system32\nvsvc32.exe
172: C:\PROGRA~1\Symantec\NORTON~1\GHOSTS~2.EXE
216: C:\WINDOWS\System32\svchost.exe
240: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
260: C:\WINDOWS\System32\wdfmgr.exe
288: C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetMsg.exe
332: C:\WINDOWS\system32\dla\tfswctrl.exe
440: C:\WINDOWS\system32\ZoneLabs\vsmon.exe
652: C:\WINDOWS\System32\MsPMSPSv.exe
760: C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
772: C:\WINDOWS\Explorer.EXE
816: C:\WINDOWS\System32\alg.exe
836: \SystemRoot\System32\smss.exe
888: \??\C:\WINDOWS\system32\csrss.exe
908: C:\HP\KBD\KBD.EXE
968: \??\C:\WINDOWS\system32\winlogon.exe
1012: C:\WINDOWS\system32\services.exe
1024: C:\WINDOWS\system32\lsass.exe
1112: C:\Program Files\QuickTime\qttask.exe
1152: C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
1168: C:\Program Files\hijackthis\security suite\SecuritySuite.exe
1240: C:\WINDOWS\system32\svchost.exe
1312: C:\Program Files\Common Files\AOL\1128096398\ee\AOLServiceHost.exe
1332: C:\WINDOWS\system32\svchost.exe
1384: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
1448: C:\Program Files\Common Files\AOL\1128096398\ee\AOLHostManager.exe
1464: C:\WINDOWS\System32\svchost.exe
1568: C:\WINDOWS\System32\svchost.exe
1668: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
1736: C:\WINDOWS\System32\svchost.exe
1908: C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
1916: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
1928: C:\WINDOWS\system32\spoolsv.exe
2008: C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
2028: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
2052: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
2056: C:\WINDOWS\system32\S3apphk.exe
2176: C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
2240: C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
2252: C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe
2436: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
2444: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
2480: C:\Program Files\SpywareGuard\sgmain.exe
2540: C:\Program Files\Common Files\AOL\1128096398\ee\AOLServiceHost.exe
2632: C:\windows\system\hpsysdrv.exe
2648: C:\HP\KBD\KBD.EXE
2664: C:\WINDOWS\system32\dla\tfswctrl.exe
2708: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
2712: C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
2800: C:\WINDOWS\system32\S3apphk.exe
2816: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
2824: C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
2836: C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe
2876: C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
2884: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
2908: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
2944: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
2948: C:\WINDOWS\system32\HPZipm12.exe
2972: C:\Program Files\Error Nuker 2004\bin\ErrorNuker.exe
2980: C:\Program Files\Java\jre1.5.0\bin\jusched.exe
2988: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
2996: C:\PROGRA~1\CA\ETRUST~1\ETRUST~2\VetTray.exe
3004: C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
3020: C:\PROGRA~1\CA\ETRUST~1\ETRUST~3\ca.exe
3044: C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
3056: C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
3080: C:\Program Files\iTunes\iTunesHelper.exe
3088: C:\Program Files\QuickTime\qttask.exe
3096: C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
3164: C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
3172: C:\Program Files\iPod\bin\iPodService.exe
3180: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
3276: C:\Program Files\AIM\aim.exe
3348: C:\Program Files\Common Files\AOL\1128096398\ee\AOLHostManager.exe
3364: C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Anti-Spam\QSP-2.1.212.0\QOELoader.exe
3408: C:\WINDOWS\Explorer.EXE
3440: \??\C:\WINDOWS\system32\csrss.exe
3460: C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
3496: C:\Program Files\Common Files\AOL\1128096398\ee\AOLServiceHost.exe
3604: C:\windows\system\hpsysdrv.exe
3728: \??\C:\WINDOWS\system32\winlogon.exe
3884: C:\Program Files\Java\jre1.5.0\bin\jusched.exe
3904: C:\Program Files\SpywareGuard\sgbhp.exe
3968: C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
Dmvgal is offline