01-14-2006, 07:49 AM   #4
TomWescott
Registered User
 
Join Date: Jan 2006
Posts: 10
OS: Windows XP SP2


Not sure if I got the Kaspersky right or not, as it only offered an online virus scanner and nothing on that scanner said if it fixed the problems or not.

Sorry it took so long. And I want to say thanks for the help you are giving.

Kaspersky Log
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, January 14, 2006 08:36:10
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 14/01/2006
Kaspersky Anti-Virus database records: 161292
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 111918
Number of viruses found: 42
Number of infected objects: 213
Number of suspicious objects: 1
Duration of the scan process: 7453 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Administrator\Local Settings\Temp\temp.fr52C8 Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\xgij.exe Infected: Trojan-Downloader.Win32.Qoologic.be
C:\Documents and Settings\Owner\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\!update-3195[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Program Files\apsi\wtta.exe Infected: Trojan-Downloader.Win32.PurityScan.be
C:\Program Files\Norton AntiVirus\Quarantine\014D0C44.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\02EF60A9.exe Infected: Backdoor.Win32.IRCBot.az
C:\Program Files\Norton AntiVirus\Quarantine\03EF0554.exe Infected: Trojan-Downloader.Win32.Apropo.u
C:\Program Files\Norton AntiVirus\Quarantine\05953A81.pif Infected: Trojan-Downloader.BAT.Ftp.z
C:\Program Files\Norton AntiVirus\Quarantine\0598647E.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\059B0E7A.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\059F3876.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\05A26273.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\05A50C6F.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\05A8366C.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\05AC6068.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\05AF0A64.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\080E0BC8.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\08562779 Infected: Trojan-Downloader.BAT.Ftp.c
C:\Program Files\Norton AntiVirus\Quarantine\090358BB.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\095F04C3.exe Infected: Trojan-Downloader.Win32.Apropo.ai
C:\Program Files\Norton AntiVirus\Quarantine\0A993FAA.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\0B980FA2.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\0D7600D5.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\0E7645EB.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\128168AA.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton AntiVirus\Quarantine\128168AA.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\Norton AntiVirus\Quarantine\14D146D5.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\15674996.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\15841A47.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\168D4651.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\18BB17EC.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\1A0601E9.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\1CA46C43.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\23C43E3E.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\24D76F8D.tmp Infected: Trojan-Downloader.VBS.Psyme.x
C:\Program Files\Norton AntiVirus\Quarantine\25963DE8.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\2790251C.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\312779E7.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\3179040A.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\399F6004.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\39ED4FAE.dll Infected: Trojan-Downloader.Win32.Apropo.ah
C:\Program Files\Norton AntiVirus\Quarantine\39ED4FAE.exe Infected: Trojan-Downloader.Win32.Apropo.ab
C:\Program Files\Norton AntiVirus\Quarantine\39F423A6.exe Infected: Trojan-Dropper.Win32.Agent.hv
C:\Program Files\Norton AntiVirus\Quarantine\3A014B98.exe Infected: Trojan-Downloader.Win32.Dyfuca.du
C:\Program Files\Norton AntiVirus\Quarantine\402703D2.exe Infected: Backdoor.Win32.IRCBot.az
C:\Program Files\Norton AntiVirus\Quarantine\44EE7B99.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\47E41349.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\Program Files\Norton AntiVirus\Quarantine\482C2EFA.exe Infected: Trojan-Downloader.Win32.Small.cdo
C:\Program Files\Norton AntiVirus\Quarantine\4A1957AE.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\4B1827A6.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\4C0F4D95.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\4C18779E.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\50AB3A01.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\5258398D.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\Program Files\Norton AntiVirus\Quarantine\52D45175.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton AntiVirus\Quarantine\543E23EA.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\5CD42E92.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\5FCE5FE9.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\68FC2323.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\6B5F1BE7.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\6D390AF0.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\74595CEC.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\752517B3.exe Infected: Net-Worm.Win32.Sasser.d
C:\Program Files\Norton AntiVirus\Quarantine\7B6A1A57.exe Infected: Backdoor.Win32.Rbot.gen
C:\Program Files\Norton AntiVirus\Quarantine\7E62172F.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046906.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046907.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046908.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046909.dll Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046910.exe Infected: Trojan.Win32.Crypt.t
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046911.sys Suspicious: Rootkit.Win32.Agent.ao
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP47\A0046958.exe Infected: Trojan-Downloader.Win32.PurityScan.au
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP49\A0048112.exe Infected: Trojan-Downloader.Win32.Small.cdo
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP49\A0048116.exe Infected: Trojan-Dropper.Win32.Agent.abb
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP49\A0048119.exe Infected: Trojan-Downloader.Win32.Small.cdo
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP49\A0048124.exe Infected: Trojan-Downloader.Win32.Small.cdo
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0051134.exe Infected: Trojan-Downloader.Win32.PurityScan.bb
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0052136.exe Infected: Trojan-Downloader.Win32.Qoologic.al
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0052143.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0052144.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0052146.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP71\A0052148.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052188.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052311.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052312.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052313.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052328.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052331.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052333.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052334.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052350.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052351.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052352.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052367.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052368.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052370.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052384.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052385.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052387.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052403.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052404.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP72\A0052405.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052432.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052434.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052435.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052457.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052459.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052460.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP74\A0052462.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP75\A0052475.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP75\A0052689.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP75\A0052690.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP75\A0052694.exe Infected: Trojan-Downloader.Win32.Small.cdo
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP76\A0052699.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP76\A0052700.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP76\A0052701.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP76\A0052702.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052718.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052719.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052721.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052722.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052733.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052735.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052736.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052737.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052761.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052762.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052763.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052764.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052783.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052784.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052785.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052786.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052797.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052798.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052799.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP77\A0052800.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP78\A0052884.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP78\A0052885.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP78\A0052887.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP78\A0052890.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP90\A0053419.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP90\A0053422.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP90\A0053424.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056681.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056683.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056684.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056685.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056776.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056777.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056778.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP92\A0056779.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP93\A0056809.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP93\A0056810.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP93\A0056811.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP93\A0056812.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP94\A0056854.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP94\A0056855.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP94\A0056856.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP94\A0056857.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056917.exe Infected: Trojan.Win32.LowZones.am
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056928.exe Infected: Trojan-Downloader.Win32.PurityScan.ax
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056931.exe Infected: Trojan.Win32.Favadd.o
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056936.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056941.dll Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056943.dll Infected: Trojan-Downloader.Win32.Qoologic.ae
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056956.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056957.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056958.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056982.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056983.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056984.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0056998.exe Infected: Trojan-Dropper.Win32.Agent.aac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057000.exe Infected: Trojan-Dropper.Win32.Agent.aac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057009.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057011.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057014.exe Infected: Trojan-Dropper.Win32.Agent.afl
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057026.exe Infected: Trojan-Dropper.Win32.Small.qn
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057030.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057030.exe Infected: Trojan-Clicker.Win32.Small.jf
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057032.cpl Infected: Trojan-Downloader.Win32.Qoologic.ad
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057126.exe Infected: Trojan-Downloader.Win32.Adload.k
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057128.exe Infected: Trojan-Downloader.Win32.Agent.aaf
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057129.exe Infected: Trojan-Downloader.Win32.Small.buy
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057138.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057145.exe Infected: Trojan-Downloader.Win32.Agent.aaf
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057147.exe Infected: Trojan-Dropper.Win32.Juntador.c
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057150.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057151.exe Infected: Trojan-Downloader.Win32.TSUpdate.o
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057153.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057154.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057162.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP95\A0057163.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057258.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057259.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057260.exe Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057343.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057344.dll Infected: Trojan-Downloader.Win32.Qoologic.ac
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057373.exe Infected: Trojan-Downloader.Win32.Qoologic.be
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057375.exe Infected: Trojan-Downloader.Win32.Qoologic.be
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057376.dll Infected: Trojan-Downloader.Win32.Qoologic.be
C:\System Volume Information\_restore{07067F02-601B-445E-AF8E-8602C05A674E}\RP96\A0057377.dll Infected: Trojan-Downloader.Win32.Qoologic.be
C:\WINDOWS\system32\cmd.ftp Infected: Trojan-Downloader.BAT.Ftp.u
C:\WINDOWS\system32\crtpes15.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\epanuii.dll Infected: Trojan-Downloader.Win32.Qoologic.be
C:\WINDOWS\system32\fdcdbjj.exe Infected: Trojan-Downloader.Win32.Qoologic.be
C:\WINDOWS\system32\frlwk.dll Infected: Trojan-Downloader.Win32.Qoologic.be
C:\WINDOWS\system32\GS_SilentSudokuInstaller.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\system32\GS_SilentSudokuInstaller.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\system32\GS_SilentSudokuInstaller.exe Infected: Trojan-Dropper.Win32.VB.kk
C:\WINDOWS\system32\pbvky.dat Infected: Trojan-Downloader.Win32.Qoologic.be
C:\WINDOWS\system32\queecsvc.dll Infected: Trojan.Win32.Crypt.t
C:\WINDOWS\system32\wrkcop.exe Infected: Trojan-Downloader.Win32.Qoologic.be

Scan process completed.

##############################################################

Ewido Log

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:36:52 PM, 1/13/2006
+ Report-Checksum: 3AD97EBF

+ Scan result:

HKLM\SOFTWARE\Classes\drs.n -> Adware.Searchforit : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\Effective-i\TheSearchAccelerator\IE5 -> Spyware.EffectiveBrandToolbar : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
[2036] C:\WINDOWS\system32\skgsdff.dll -> Downloader.Qoologic.ac : Cleaned with backup
[844] C:\WINDOWS\system32\skgsdff.dll -> Downloader.Qoologic.ac : Error during cleaning
C:\Documents and Settings\Owner\Desktop\eins005.exe -> Downloader.Adload.k : Cleaned with backup
C:\freecontentz.exe -> Spyware.CrazyWin : Cleaned with backup
C:\Program Files\Cas2Stub\cas2stub.exe -> Downloader.Agent.aaf : Cleaned with backup
C:\Program Files\InetGet2\MTE3MTk6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\Program Files\System Files\plugin.dll -> Adware.CASClient : Cleaned with backup
C:\Program Files\whInstall -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\license.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\readme.txt -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\Sporder.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\webhdll.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.exe -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whAgent.ini -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whiehlpr.dll -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whInstaller.exe -> Adware.Webhancer : Cleaned with backup
C:\Program Files\whInstall\whSurvey.exe -> Adware.Webhancer : Cleaned with backup
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Downloader.Small.cdo : Cleaned with backup
C:\Program Files\Yazzle Sudoku\Sudoku.exe -> Dropper.VB.kk : Cleaned with backup
C:\WINDOWS\dikwkyfe.dll -> Adware.BookedSpace : Cleaned with backup
C:\WINDOWS\dlgb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2112NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned with backup
C:\WINDOWS\hfogqipf.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\justin.exe -> Adware.EZula : Cleaned with backup
C:\WINDOWS\mynexus.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\system\sngsh35.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> Downloader.Agent.aaf : Cleaned with backup
C:\WINDOWS\system32\mdie.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\mpsetup.exe -> Backdoor.Pest.31 : Cleaned with backup
C:\WINDOWS\system32\ngsh35.dll -> Spyware.AdBlaster : Cleaned with backup
C:\WINDOWS\system32\nsz18.dll -> Adware.EZula : Cleaned with backup
C:\WINDOWS\system32\pbvky.dat -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Spyware.RK : Cleaned with backup
C:\WINDOWS\system32\sate.exe -> Downloader.IstBar : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> Downloader.Small : Cleaned with backup
C:\WINDOWS\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINDOWS\wh.exe/whAgent.exe -> Spyware.WebHancer : Cleaned with backup


::Report End

##############################################################

HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 6:47:37 PM, on 1/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\S3apphk.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\System32\l?gonui.exe
C:\Program Files\America Online 7.0\aoltray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
C:\PROGRA~1\HPCENT~1\137903\Program\BACKWE~1.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\SoftwareDistribution\Download\dca9d8a1ecbaf4bd0e18d083156f30c9\update\update.exe
G:\Sherilyn's Computer\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.iglide.net/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {DB4D32DD-ED6D-22D6-25D2-D3C84203C374} - C:\WINDOWS\ghbosuyv.dll (file missing)
R3 - URLSearchHook: (no name) - {DA55BCA6-7763-089E-1647-2850A65762C2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {DA55BCDD-7760-72EE-1646-2B50D65062C6} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PreloadApp] c:\hp\drivers\printers\photosmart\hphprld.exe c:\hp\drivers\printers\photosmart\setup.exe -d
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [S3apphk] S3apphk.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4dsds.exe reg_run
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Creative Detector] C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [Zero Knowledge Freedom] C:\Program Files\Zero Knowledge\Freedom\Freedom.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000122.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: hp center UI.lnk = C:\Program Files\hp center\137903\Shadow\ShadowBar.exe
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: HPAiODevice(hp officejet v series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet v series\Bin\hpoant07.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mid: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe