Thread: My HiJack Log
View Single Post
Old 11-30-2005, 06:30 PM   #3 (permalink)
Socha_62
Registered User
 
Join Date: Nov 2005
Posts: 29
OS: XP


Thanks for the help.


Ewino Log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:00:01 PM, 11/30/2005
+ Report-Checksum: 35878D40

+ Scan result:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/abasa5jrp_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/abasa5jrp_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/abasa5jrp_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/abasa5jrp_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/hochkaod3_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/hochkaod3_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/hochkaod3_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/hochkaod3_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/lkir8l2gm_.dll\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/lkir8l2gm_.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/u6f6uftuc_.exe\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/u6f6uftuc_.exe\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/u6f6uftuc_.ini\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/u6f6uftuc_.ini\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/WEBInstaller.dll\\.Owner -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/CONFLICT.1/WEBInstaller.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dp5000.dll\\.Owner -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/dp5000.dll\\{5053A978-5972-4D8E-BEC7-3E8D4BC6B830} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Spyware.SAHA : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\.DEFAULT\Software\Ceres -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{CA0B9B71-C2AF-11D3-B376-0800460222F0} -> Spyware.iWon : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6685509E-B47B-4F47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\_dsktptr -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\_dsktptr\kkws -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\_dsktptr\ppops -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-21-1417001333-1580818891-1708537768-1008\Software\_dsktptr\ssites -> Spyware.DesktopTraffic : Cleaned with backup
HKU\S-1-5-18\Software\Ceres -> Spyware.BetterInternet : Cleaned with backup
C:\WINDOWS\SYSTEM32\gfggfb -> Trojan.Agent.ic : Cleaned with backup
C:\WINDOWS\SYSTEM32\P2ECOM.dll -> Trojan.P2E.r : Cleaned with backup
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SYSTEM32\f3PSSavr.scr -> Spyware.MyWebSearch : Cleaned with backup
C:\WINDOWS\STWSI\update.exe -> TrojanDownloader.Dyfuca.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\u6f6uftuc_.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hochkaod3_.exe -> Adware.SAHA : Cleaned with backup
C:\Program Files\MSN Messenger\riched20.dll -> Spyware.MyWebSearch : Cleaned with backup
C:\Program Files\Spybot - Search & Destroy\Includes\Hosts.sbs -> Trojan.Qhost.ew : Cleaned with backup
C:\Program Files\LoveFreeGames\thin.exe -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\371E428B-7900-4DFD-88B2-699F3B\DC3AA90E-DEA9-465D-9B71-A29EB3 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A4601AAC-A77A-49E9-8D92-432559\D3502083-4099-41E9-A2B3-83BE91 -> Trojan.Agent.db : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\7F7EBC32-15A0-412E-B7C9-070791\DDEC1EC9-1207-4AC3-B00F-9B0AD4 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\10D246C2-FA7A-4F41-8CEF-1F5FDE\BC76344D-66DA-49D6-A720-CD60F7 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0C1CC1AE-3E60-4670-8C96-9CBC50\411FDCB0-147B-4DAC-BD63-F98DB9 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\3AF46563-D03D-4259-96E2-CE2DE1\3A4A243A-A831-49A7-A633-9229AF -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8ED6A0B5-5F09-4B9C-91DA-37212C\A83F1EDA-BCDA-4305-B549-797A0E -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\D73611FB-7017-4803-AA93-AEEA73\7D25B307-3943-4146-82EF-5D6643 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\67ED4C58-B3CC-471C-A341-74A802\F8226A18-D7F4-4580-BE1E-B7DC35 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\08509237-1ADF-448F-A661-6CA629\912125B3-798B-4DA8-A823-1BEA92 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\47D73658-665C-4013-B661-E5F3BF\01A1C073-DF61-4961-819B-D9659E -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\AE90648B-FCCF-4C33-869A-B3EEE4\67AA90FF-7A76-42FE-9269-C70214 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\50CFF38C-AFEC-4C34-8DB2-C561C4\3B2C2E96-4170-48B9-8DAF-4A9491 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9C8C0C3E-7061-4D27-BE11-1385BA\75FAAADC-6718-4BAA-A489-A77DFA -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F6177B6C-F285-4284-8143-BA1E3A\523A3A69-C554-4DDA-B87E-D9314C -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\20776D2C-8AFA-44AA-B655-78054B\5141C71F-80FB-4A14-91DF-009B01 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8D3BE8FD-B70F-4780-B479-302C2C\0D2800B9-F357-4B1C-9342-041C45 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5384D5F0-0C5E-467E-AF7D-0FA768\261180B1-F94C-456F-934C-5F5ACD -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A22CF73A-F1ED-4A48-B383-A3D17F\021EC7B4-1C70-4C79-ADD1-DD6B24 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\49B24B36-3C40-4DD2-9BF9-CC3869\39D86E3A-369C-426C-9E66-58F710 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\E8723F47-DFFA-4CB0-92A2-2BF3D4\EA180C1D-7960-4269-917C-8CFBF0 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\8CD263D2-8AB5-4F02-B705-0256CF\CA2C6AC4-982B-4851-BC55-2B342F -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\C6BA0B49-9EA6-4809-BAA4-5EBC5B\37462466-87B1-4476-9148-CECCF6 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\54AB0482-BAF1-468F-99E6-904B93\4DD018A4-9EC1-4BE5-8822-B7F8F6 -> Trojan.Imiserv.c : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\54AB0482-BAF1-468F-99E6-904B93\7B6A3BD2-2E70-4AD9-A263-54C7C4 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\5A4BA9C0-2129-4D32-A8A5-AC7301\12F4444B-596F-4509-80EA-8AE1C1 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\518924A5-DE12-4BDD-96F0-1014B2\166FA975-DD02-4D4D-AF4B-E642C8 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\91C39C9E-F976-405E-B90C-61CC7A\5C061DFD-106E-4E6F-AC43-005AE2 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0AA68CF7-6283-49F7-84FD-EB47CB\60F0612D-56C8-4BB9-818B-889984 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\71C972AE-F657-438D-A40A-84F3D6\66780C50-8266-4451-88AD-8D86E9 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\6E675801-2E74-421C-BB83-891493\5B2F6A04-2544-428B-985E-5DCDC2 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F9A638F1-CB78-44AB-83CA-4BB7F3\62AC3404-F680-4AC1-9390-C716C9 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4494FC44-E80B-479B-B73C-DF129F\6279611D-1914-42DC-9E55-461C12 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A6CE6E09-2426-4FD2-84D6-16A4C0\1B8A9290-0300-4E93-9EBF-54897C -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\BB4F0B83-4644-4D47-9C21-515F7C\01DA5D0C-4088-4423-BDBF-1B3CE8 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\0544D707-E413-4FBF-B11C-E73BC9\4821C50E-9A54-4B0D-8008-FF2E7A -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\69DAFDBF-C05A-4789-88DA-CC14B0\3D27D868-BAC5-4325-B11E-2EBC86 -> Trojan.Agent.ic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\67FF5CCD-B91A-41B5-9E0B-D2A20B\DE9A60EE-54BF-4A40-B46B-66C148 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4F9DAE9A-3726-4EA8-8152-FF4FD7\43354DC4-48DF-4081-BB51-365A2D -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\F75190F6-9D28-4A73-A129-22E6BB\D74F0ED9-9CED-40BB-BB7A-2F5FD4 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\FA53F6E0-7725-4446-A75C-505E53\B55BBFDC-63D5-49F9-8B24-D774C5 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\43A5A773-7735-438D-9649-4173E6\332806F2-868A-4DB4-9619-6D31C1 -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\Jason\My Documents\MsgPlus-221.exe/70000011.exe -> TrojanDownloader.Swizzor.g : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jason\Cookies\jason@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP756\A0107731.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP756\A0108084.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP757\A0108104.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP757\A0108131.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP757\A0109112.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP759\A0109137.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP759\A0109151.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109225.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109310.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109316.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109332.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109340.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109509.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109510.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109520.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109524.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109533.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109566.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109573.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109574.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP761\A0109584.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP762\A0109592.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP762\A0109598.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP762\A0109599.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP763\A0109612.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP763\A0109618.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP763\A0109627.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP764\A0109630.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP764\A0109636.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP765\A0109639.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP765\A0109645.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP765\A0110646.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP766\A0110661.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP766\A0110663.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP767\A0110670.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP767\A0110676.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP767\A0110678.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP770\A0110695.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP770\A0110701.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP771\A0110706.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP772\A0110712.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP772\A0110721.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP772\A0110722.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP772\A0110724.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP772\A0110725.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP773\A0110727.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP773\A0110734.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP773\A0110761.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP773\A0110763.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP773\A0110764.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP774\A0110783.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP774\A0110786.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP774\A0110787.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP774\A0110788.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP775\A0111736.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111737.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111738.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111744.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111745.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111747.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111748.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111756.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP776\A0111760.EXE -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP777\A0111763.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP777\A0111772.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP777\A0111777.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP777\A0111778.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP778\A0111783.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP778\A0111785.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP779\A0111792.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP779\A0111796.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP779\A0111797.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP779\A0111799.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP779\A0111805.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP780\A0111811.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112815.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112816.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112818.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112823.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112832.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112844.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112850.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP781\A0112857.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112858.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112876.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112878.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112879.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112883.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112888.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0112889.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP782\A0113897.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113898.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113907.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113911.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113912.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113914.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113927.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113928.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113933.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113934.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113935.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP783\A0113936.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP785\A0113974.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP785\A0113980.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP785\A0113981.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP785\A0113982.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP786\A0113984.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP786\A0113986.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP786\A0114980.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP787\A0114987.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP787\A0114988.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP787\A0114989.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP788\A0115060.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP788\A0115061.dll -> Trojan.Agent.ic : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP788\A0115062.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP789\A0115070.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP789\A0115071.exe -> Trojan.Poler.a : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP789\A0115080.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{8247BACA-9A17-40B3-B93E-8DFA64C1AB3F}\RP789\A0115085.exe -> Spyware.Hijacker.Generic : Cleaned with backup


::Report End

--------------------------------------------------------------------------

Activesan Log:


Incident Status Location

Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\P2ECOM.dll
Spyware:spyware/virtumonde Not disinfected C:\WINDOWS\dpusys.ini
Adware:adware/beginto Not disinfected C:\WINDOWS\SYSTEM32\cache32_dsktptr
Adware:adware/dyfuca Not disinfected C:\WINDOWS\STWSI
Adware:adware/wupd Not disinfected Windows Registry
Dialer:Dialer.B Not disinfected C:\WINDOWS\SYSTEM32\P2ECOM.dll
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\STWSI\update.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hochkaod3_.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\u6f6uftuc_.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\abasa5jrp_.ini
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\hochkaod3_.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\u6f6uftuc_.exe
Adware:Adware/SAHAgent Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\lkir8l2gm_.dll
Adware:Adware/BrilliantDigitalNot disinfected C:\Program Files\KaZaA Lite\bdcore.dll.updpnd
Adware:Adware/Lop Not disinfected C:\Program Files\Sizesetupooze\part show.exe
Adware:Adware/IWon Not disinfected C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\D34F5AF5-24EB-4F79-B79B-3ACDEF.asq
Adware:Adware/ISearch Not disinfected C:\install.cab
Adware:Adware/ISearch Not disinfected C:\install.cab[initial.inf]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jason\My Documents\Win MX\Lop-Sucks.exe
Adware:Adware/Lop Not disinfected C:\Documents and Settings\Jason\My Documents\lopremove.exe
Virus:Exploit/CodeBase.A Not disinfected C:\install.htm
-------------------------------------------------------------------------

New HiJackThis! Log

Logfile of HijackThis v1.97.7
Scan saved at 8:28:52 PM, on 11/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\RealVNC\VNC4\winvnc4.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Jason\My Documents\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {029CA12C-89C1-46a7-A3C7-82F2F98635CB} - C:\Program Files\Kontiki\bin\bh309020.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [LexStart] Lexstart.exe
O4 - HKLM\..\Run: [LexmarkPrinTray] PrinTray.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://fpdownload.macromedia.com/get...irector/sw.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1132191013218
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab

--------------------------------------------------------------------------
Socha_62 is offline