Thank you very much, Deckard. I had to do everything except for the very last HJT log in safe mode because the random blue screen of death is still happening.
Here are the logs:
Toni - 06-10-22 18:17:25.09 Service Pack 2
ComboFix 06.10.19 - Running from: "C:\Documents and Settings\Toni\Desktop"
((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))
REGISTRY ENTRIES REMOVED:
[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}]
@=""
"IDEx"="ADDR"
[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{E77BE46D-F644-4CDC-B2DB-1E3F3ED8A555}\InprocServer32]
@="C:\\WINDOWS\\system32\\Ilvu9_32.dll"
"ThreadingModel"="Apartment"
[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}]
@=""
[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\clsid\{66D5A557-DA88-4F1C-836D-5891274219A8}\InprocServer32]
@="C:\\WINDOWS\\system32\\ootext32.dll"
"ThreadingModel"="Apartment"
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
FILES REMOVED:
C:\WINDOWS\system32\fpl6033se.dll
C:\WINDOWS\system32\jtjm0711e.dll
Granting sedebugprivilege to Administrators ... successful
((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\Toni\Application Data\Dxcdmns.dll
C:\Documents and Settings\Toni\Application Data\Dxcknwrd.dll
* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\WINDOWS\drsmartload1135a.exe
C:\WINDOWS\drsmartload2.dat
C:\dfndrff_e23.exe
C:\dfndrff_e34.exe
C:\drsmartload.exe
C:\drsmartload45a45a45s.exe
C:\deskbar.exe
C:\deskbar_e21.exe
C:\deskbar_e26.exe
C:\deskbar_e29.exe
C:\deskbar_e31.exe
C:\kybrdff_e23.exe
C:\kybrdff_e24.exe
C:\kybrdff_e26.exe
C:\kybrdff_e27.exe
C:\kybrdff_e30.exe
C:\kybrdff_e34.exe
C:\MTE3NDI6ODoxNg.exe
C:\MTE3NDI6ODoxNgnew.exe
C:\MTE3NDI6ODoxNgV2.exe
C:\nwnmff_e23.exe
C:\nwnmff_e24.exe
C:\nwnmff_e26.exe
C:\nwnmff_e27.exe
C:\nwnmff_e30.exe
C:\nwnmff_e34.exe
C:\warebundlenewer.exe
C:\mte3ndi6odoxng.exe
C:\RDFX4.exe
C:\Installer4.exe
C:\WINDOWS\uninstall_nmon.vbs
C:\WINDOWS\system32\atmtd.dll
C:\WINDOWS\system32\atmtd.dll._
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Program Files\Deskbar
C:\Program Files\network monitor
C:\Program Files\Common Files\{3C415282-063C-1033-0607-05080220002c}
C:\Program Files\Common Files\{5C415282-063B-1033-0607-05080220002c}
C:\Program Files\Common Files\{5C415282-063C-1033-0607-05080220002c}
C:\WINDOWS\VG9uaQ
((((((((((((((((((((((((((((((( Files Created from 2006-09-22 to 2006-10-22 ))))))))))))))))))))))))))))))))))
2006-10-21 17:56 20,480 --a------ C:\mc44a34.exe
2006-10-20 17:13 520,192 --a------ C:\WINDOWS\system32\CddbPlaylist2Sony.dll
2006-10-18 11:50 352,256 --a------ C:\WINDOWS\system32\ijl15.dll
2006-10-18 11:32 212,480 --------- C:\WINDOWS\pcdlib32.dll
2006-10-17 18:54 52,161 --a------ C:\Documents and Settings\Toni\mt-uninstaller.exe
2006-10-12 16:44 69,165 --a------ C:\pp4ico.exe
2006-10-06 11:05 0 --a------ C:\tyeoh.exe
2006-10-06 11:03 0 --a------ C:\teqnsq.exe
2006-10-06 11:01 0 --a------ C:\pmmbhym.exe
2006-10-06 10:56 0 --a------ C:\ffgwmpsk.exe
2006-10-06 10:54 176,640 --a------ C:\Documents and Settings\Toni\Yinstall.exe
2006-10-06 10:54 115,947 --a------ C:\Documents and Settings\Toni\mny.exe
2006-10-05 21:28 0 --a------ C:\ovvpecjh.exe
2006-10-05 21:27 76,288 --a------ C:\ccreenfd.exe
2006-10-05 21:24 0 --a------ C:\otwlkons.exe
2006-10-05 21:21 7,680 --a------ C:\Documents and Settings\Toni\loadadv455.exe
2006-10-05 21:21 16,384 --a------ C:\Documents and Settings\Toni\drsmartload1135a.exe
2006-10-05 21:21 115,712 --a------ C:\Documents and Settings\Toni\c.exe
2006-10-05 21:17 77,312 --a------ C:\jttsdgjj.exe
2006-10-05 21:17 32,768 --a------ C:\DXC9.exe
2006-10-05 21:16 20,480 --a------ C:\WINDOWS\c.exe
2006-09-29 14:41 68,204 --------- C:\WINDOWS\system32\drivers\StMp3Rec.sys
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
Rootkit driver pe386 is present. A rootkit scan is required
2006-10-22 18:18 -------- d-a------ C:\Program Files\Common Files
2006-10-22 18:13 -------- d-------- C:\Program Files\Mozilla Firefox
2006-10-21 18:25 9594 --a------ C:\Documents and Settings\Toni\Application Data\wklnhst.dat
2006-10-21 17:54 -------- d-------- C:\Program Files\Hijackthis
2006-10-21 02:34 -------- d-------- C:\Program Files\LimeWire
2006-10-21 02:34 -------- d-------- C:\Program Files\Incomplete
2006-10-20 17:12 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-10-20 17:12 -------- d-------- C:\Program Files\Sony
2006-10-19 16:40 -------- d-------- C:\Program Files\Windows Live Safety Center
2006-10-18 12:33 -------- d-------- C:\Program Files\IrfanView
2006-10-18 12:33 -------- d-------- C:\Program Files\Google
2006-10-18 11:50 -------- d-------- C:\Program Files\Chameleon Systems
2006-10-18 11:32 -------- d-------- C:\Program Files\Serif
2006-10-17 13:30 -------- d---s---- C:\Documents and Settings\Toni\Application Data\Microsoft
2006-10-11 20:16 -------- d-------- C:\Documents and Settings\Toni\Application Data\IM-Names
2006-10-10 13:57 -------- d-------- C:\Program Files\MessengerPlus! 3
2006-10-10 13:57 -------- d-------- C:\Program Files\Adverts
2006-10-10 13:57 -------- d-------- C:\Documents and Settings\Toni\Application Data\BLAH NEW
2006-10-06 22:55 -------- d-------- C:\Program Files\MSN Messenger
2006-10-03 17:15 -------- d-------- C:\Program Files\VCW VicMan's Photo Editor
2006-09-08 15:06 -------- d-------- C:\Program Files\FinePixViewer
2006-08-21 13:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 10:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-16 12:58 100352 --a------ C:\WINDOWS\system32\6to4svc.dll
2006-07-27 14:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PadTouch"="C:\\Program Files\\TOSHIBA\\Touch and Launch\\PadExe.exe"
"SVPWUTIL"="C:\\Program Files\\Toshiba\\Windows Utilities\\SVPWUTIL.exe SVPwUTIL"
"HWSetup"="C:\\Program Files\\TOSHIBA\\TOSHIBA Applet\\HWSetup.exe hwSetUP"
"TOSHIBA Accessibility"="C:\\Program Files\\TOSHIBA\\Accessibility\\FnKeyHook.exe"
"TPNF"="C:\\Program Files\\TOSHIBA\\TouchPad\\TPTray.exe"
"Tvs"="C:\\Program Files\\TOSHIBA\\Tvs\\TvsTray.exe"
"IS CfgWiz"="C:\\Program Files\\Norton Internet Security\\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE \"REBOOT\""
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Zooming"="ZoomingHook.exe"
"UStorag"="c:\\program files\\belkin u-storage tools2.96\\ustorage.exe sys_auto_run C:\\Program Files\\Belkin U-Storage Tools2.96"
"TPSMain"="TPSMain.exe"
"TCtryIOHook"="TCtrlIOHook.exe"
"svshost"="C:\\WINDOWS\\system32\\jlfjgenh\\svshost.exe"
"SvcManager"="iexploer4.exe"
"SsAAD.exe"="C:\\PROGRA~1\\Sony\\SONICS~1\\SsAAD.exe"
"snpstd"="C:\\WINDOWS\\vsnpstd.exe"
"SmoothView"="C:\\Program Files\\TOSHIBA\\TOSHIBA Zooming Utility\\SmoothView.exe"
"REGSHAVE"="C:\\Program Files\\REGSHAVE\\REGSHAVE.EXE /AUTORUN"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NDSTray.exe"="NDSTray.exe"
"MyWebSearch Email Plugin"="C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\mwsoemon.exe"
"My Web Search Bar"="rundll32 C:\\PROGRA~1\\MYWEBS~1\\bar\\3.bin\\MWSBAR.DLL,S"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"IMprocess"="C:\\Program Files\\IM Names\\IM-svr.EXE"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CFSServ.exe"="CFSServ.exe -NoClient"
"CeEKEY"="C:\\Program Files\\TOSHIBA\\E-KEY\\CeEKey.exe"
"BIBOPTIONDEADEGGS"="C:\\Documents and Settings\\All Users\\Application Data\\Rdr Show Bib Option\\ManagerNoun.exe"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"Apoint"="C:\\Program Files\\Apoint2K\\Apoint.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"2Search"="C:\\Program Files\\2search\\main.exe"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="about:Home"
"SubscribedURL"="about:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:0000009d
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
"key"="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Windows"
"item"="????"
"hkey"="HKCU"
"command"="????"
"inimapping"="1"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\A2400790918BBE1C.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 06-10-22 18:20:58.98
C:\ComboFix.txt ... 06-10-22 18:20
---
NoLop! Log by Skate_Punk_21
Fix running from: C:\Documents and Settings\Toni\Desktop
[22/10/2006]
[18:22:35]
---Infection Files Found/Removed---
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\1 love.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\NounFork.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\Settings Enc.exe
C:\Documents and Settings\All Users\Application Data\Rdr Show Bib Option\twoblah.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\fjxgwrrb.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\hsdlttyh.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\iihqobhd.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\iobmuffp.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\lyfsmqgw.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\mjnjzwhn.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\mqfcbvic.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\qubovlqx.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\snspzzzs.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\vxqsfjbw.exe
C:\Documents and Settings\Toni\Application Data\BLAH NEW\xwpylrwl.exe
C:\WINDOWS\tasks\A2400790918BBE1C.job
Beginning Removal...
Rebooting...
Removing Lop's Leftover Files/Folders...
Editing Registry...
**Fix Complete!**
---Listing AppData sub directories---
C:\Documents and Settings\Administrator\Application Data\Adobe
C:\Documents and Settings\Administrator\Application Data\Identities
C:\Documents and Settings\Administrator\Application Data\Macromedia
C:\Documents and Settings\Administrator\Application Data\Microsoft
C:\Documents and Settings\Administrator\Application Data\Mozilla
C:\Documents and Settings\Administrator\Application Data\Sonic
C:\Documents and Settings\Administrator\Application Data\Sun
C:\Documents and Settings\Administrator\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Administrator\Application Data\Talkback
C:\Documents and Settings\Administrator\Application Data\Toshiba
C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Creative
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Teleca
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Default User\Application Data\Sonic
C:\Documents and Settings\Default User\Application Data\Symantec -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Toshiba
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Toni\Application Data\Adobe
C:\Documents and Settings\Toni\Application Data\Adobeaum
C:\Documents and Settings\Toni\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Toni\Application Data\Aim
C:\Documents and Settings\Toni\Application Data\Apple Computer
C:\Documents and Settings\Toni\Application Data\Creative
C:\Documents and Settings\Toni\Application Data\Fotowire
C:\Documents and Settings\Toni\Application Data\Fujifilm
C:\Documents and Settings\Toni\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Toni\Application Data\Identities
C:\Documents and Settings\Toni\Application Data\Im-names
C:\Documents and Settings\Toni\Application Data\Intertrust
C:\Documents and Settings\Toni\Application Data\Intervideo
C:\Documents and Settings\Toni\Application Data\Lavasoft
C:\Documents and Settings\Toni\Application Data\Leadertech
C:\Documents and Settings\Toni\Application Data\Macromedia
C:\Documents and Settings\Toni\Application Data\Microsoft
C:\Documents and Settings\Toni\Application Data\Mozilla
C:\Documents and Settings\Toni\Application Data\Msninstaller
C:\Documents and Settings\Toni\Application Data\Real
C:\Documents and Settings\Toni\Application Data\Sonic
C:\Documents and Settings\Toni\Application Data\Sony Corporation
C:\Documents and Settings\Toni\Application Data\Sony Ericsson
C:\Documents and Settings\Toni\Application Data\Sun
C:\Documents and Settings\Toni\Application Data\Symantec
C:\Documents and Settings\Toni\Application Data\Talkback
C:\Documents and Settings\Toni\Application Data\Teleca
C:\Documents and Settings\Toni\Application Data\Toshiba
---
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 19:56:34 22/10/2006
+ Scan result:
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051701.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051702.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051703.dll -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051704.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052085.exe/main.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052087.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052088.exe -> Adware.2Search : Cleaned.
C:\WINDOWS\system32\2search.exe/main.exe -> Adware.2Search : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121562.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121563.exe -> Adware.CommAd : Cleaned.
C:\WINDOWS\Downloaded Program Files\v3.dll -> Adware.EliteBar : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121548.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121550.exe -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121630.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121631.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030958.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030959.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030960.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034991.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0036999.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0037003.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038032.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039110.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039115.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039126.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039134.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040130.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040137.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042315.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042575.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042576.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042679.dll -> Adware.Look2Me : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039168.exe -> Adware.Lop : Cleaned.
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052083.EXE -> Adware.MyWebSearch : Cleaned.
C:\Documents and Settings\Toni\mt-uninstaller.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121739.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038037.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP104\A0109514.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121519.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121521.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121528.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121556.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121558.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121559.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121560.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121561.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031966.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031967.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034965.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0034966.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040195.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042272.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051697.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051699.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052034.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP65\A0072151.dll -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP65\A0072152.exe -> Adware.Softomate : Cleaned.
C:\DXC9.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051681.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051682.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051683.exe -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051793.dll -> Adware.SurfSide : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042570.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042573.dll -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/IUCMORE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/UCMTSAIE.DLL -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042582.exe/empty_00000001 -> Adware.Ucmore : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0033960.rbf -> Backdoor.MSNMaker.z : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038033.pif -> Backdoor.MSNMaker.z : Cleaned.
C:\Program Files\Hijackthis\backups\backup-20061022-185023-976.dll -> Dialer.Creazione.x : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121537.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121546.exe -> Downloader.Adload.fk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121523.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121527.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030950.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030968.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030969.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031965.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032965.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038035.exe -> Downloader.Adload.fu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030946.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030970.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031969.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032966.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040155.exe -> Downloader.Adload.gf : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121534.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121542.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121543.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0037024.exe -> Downloader.Adload.gg : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP104\A0109513.exe -> Downloader.Adload.gj : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121536.exe -> Downloader.Adload.gk : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040165.exe -> Downloader.Adload.gm : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121535.exe -> Downloader.Adload.gn : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121544.exe -> Downloader.Adload.go : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121541.exe -> Downloader.Agent.azc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042317.exe -> Downloader.Agent.lq : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030951.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038036.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042316.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121539.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121540.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038031.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP64\A0069140.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051686.exe -> Dropper.Small : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032990.sys -> Hijacker.Costrat.i : Cleaned.
C:\WINDOWS\system32:lzx32.sys -> Hijacker.Costrat.i : Cleaned.
C:\Program Files\Hijackthis\backups\backup-20061022-185024-153.dll -> Not-A-Virus.Downloader.Win32.InsTool.a : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.4\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.5\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.6\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.7\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.8\UWFX5_0001_N57M2811NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\UERS_0001_NI57M1124NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.b : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned.
C:\WINDOWS\Downloaded Program Files\UERS_0001_N68M1801NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051848.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052036.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052038.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052065.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D08M0404NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D09M0706NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Cleaned.
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv576.jar-5135e12a-2a4966aa.zip/Dummy.class -> Not-A-Virus.Exploit.ByteVerify : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121554.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030975.exe -> Proxy.Small.bo : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030948.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030972.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030976.exe -> Trojan.ProcKill.DJ : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030952.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030974.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031976.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032987.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039180.exe -> Trojan.Sinowal.ay : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030947.exe -> Trojan.Sinowal.az : Cleaned.
C:\jttsdgjj.exe -> Trojan.Sinowal.az : Cleaned.
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00009.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030953.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031974.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032985.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038104.dll -> Trojan.Sinowal.bc : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030955.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030973.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031975.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP33\A0032986.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038105.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040156.dll -> Trojan.Sinowal.bd : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0030949.exe -> Worm.VB.ao : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031963.exe -> Worm.VB.ao : Cleaned.
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038034.exe -> Worm.VB.ao : Cleaned.
C:\WINDOWS\c.exe -> Worm.VB.ao : Cleaned.
::Report end
---
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 22, 2006 8:53:44 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 22/10/2006
Kaspersky Anti-Virus database records: 233846
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 67140
Number of viruses found: 41
Number of infected objects: 194 / 0
Number of suspicious objects: 2
Duration of the scan process: 00:38:44
Infected Object Name / Virus Name / Last Action
C:\ccreenfd.exe Infected: Trojan-Clicker.Win32.Costrat.k skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
C:\Documents and Settings\Toni\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-7372238-6cf2ed57.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Toni\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Toni\drsmartload1135a.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\Documents and Settings\Toni\loadadv455.exe Infected: Trojan-Downloader.Win32.Harnig.cu skipped
C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Toni\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\Documents and Settings\Toni\mny.exe NSIS: infected - 5 skipped
C:\Documents and Settings\Toni\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Toni\ntuser.dat.LOG Object is locked skipped
C:\NoLopBackups\1 Love.exe.01.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Bindhole.exe.02.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Fjxgwrrb.exe.035.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Grtankgq.exe.036.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Heartflaw.exe.03.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Hsdlttyh.exe.037.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Iihqobhd.exe.038.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Iobmuffp.exe.039.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Jpcyvuhk.exe.040.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Lyfsmqgw.exe.042.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Mjnjzwhn.exe.043.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Mqfcbvic.exe.044.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Nounfork.exe.06.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Qubovlqx.exe.046.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Settings Enc.exe.07.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Snspzzzs.exe.047.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Twoblah.exe.08.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Vxqsfjbw.exe.048.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\NoLopBackups\Xwpylrwl.exe.049.infected Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Program Files\Mozilla Firefox\plugins\NPMyWebS.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped
C:\Program Files\MSN Messenger\riched20.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2CDA6F02.tmp Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A1F43B8.tmp Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A226DB5.tmp Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A226DB5.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A226DB5.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A226DB5.zip ZIP: infected - 2 skipped
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4A226DB5.zip CryptFF: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121525.exe Infected: Trojan-Downloader.Win32.Adload.ha skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121530.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121530.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121530.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121530.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121531.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121531.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121531.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121531.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121532.exe/deskbar.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121532.exe/deskbar.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121532.exe/deskbar.exe Infected: not-a-virus:AdWare.Win32.Softomate.r skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121532.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121545.exe Infected: Trojan.Win32.Agent.tx skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121547.exe Infected: Trojan-Downloader.Win32.Adload.hb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121549.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121549.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121549.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121669.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121670.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121671.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121673.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121674.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121675.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121677.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121678.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121679.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121680.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121681.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121682.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121684.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121685.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121686.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121688.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121689.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121690.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121691.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121700.exe Infected: Trojan-Downloader.Win32.Adload.fu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121741.exe Infected: Trojan-PSW.Win32.Sinowal.az skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121742.dll Infected: Trojan-PSW.Win32.Sinowal.bc skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121743.exe Infected: IM-Worm.Win32.VB.ao skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121744.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121744.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121745.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe/data.rar/main.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe/data.rar/uninstall.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe/data.rar/get.exe Infected: not-a-virus:AdWare.Win32.2Search.c skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe/data.rar/2search.dll Infected: not-a-virus:AdWare.Win32.2Search.f skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe/data.rar Infected: not-a-virus:AdWare.Win32.2Search.f skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP115\A0121747.exe RarSFX: infected - 5 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP116\change.log Object is locked skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021316.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021317.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021318.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021319.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021320.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP23\A0021321.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP31\A0031964.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP32\A0032964.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038030.exe/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038030.exe/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038030.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038038.exe NSIS: infected - 5 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0038076.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039169.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039170.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039171.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039172.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039173.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039174.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0039175.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP34\A0040207.exe Infected: Trojan.Win32.Agent.tx skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042578.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042579.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042580.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP37\A0042581.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.q skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe/InpB/DxcBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe/InpB/DxcCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ay skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe/InpB/Dxc.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe/InpB/DxcRepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.bb skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051684.exe CAB: infected - 5 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051798.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051799.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051800.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051801.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051802.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051803.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051805.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051806.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051807.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051808.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051809.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051810.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051811.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051813.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051814.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051815.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051816.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051820.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051822.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051823.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051824.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051825.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051826.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051829.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051830.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051830.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051830.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051830.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051831.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051831.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051831.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream/data0002/data0004 Infected: Trojan-Downloader.MSIL.Agent.c skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream/data0002/data0006 Infected: Trojan-Downloader.MSIL.Agent.c skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream/data0002/data0009 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051832.exe NSIS: infected - 6 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051833.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051833.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051833.exe/stream Infected: not-a-virus:AdWare.Win32.Softomate.u skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051833.exe NSIS: infected - 3 skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051834.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051835.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051837.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051841.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051842.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051882.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051883.exe Infected: Trojan-Downloader.Win32.Swizzor.eu skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0051884.exe Infected: Trojan-Downloader.Win32.Swizzor.dv skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052084.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{9C6932B0-2C2C-4C44-BE12-957516222358}\RP45\A0052086.exe Infected: not-a-virus:AdWare.Win32.2Search.i skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.20060606-184516.backup Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped
C:\WINDOWS\system32\hbinter.exe/data.rar/targetsaver.exe Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINDOWS\system32\hbinter.exe/data.rar Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINDOWS\system32\hbinter.exe RarSFX: infected - 2 skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
Scan process completed.
---
Logfile of HijackThis v1.99.1
Scan saved at 21:00:06, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ZoomingHook.exe
C:\program files\belkin u-storage tools2.96\ustorage.exe
C:\WINDOWS\system32\TCtrlIOHook.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\ConfigFree\CFXFER.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
O4 - HKLM\..\Run: [UStorag] c:\program files\belkin u-storage tools2.96\ustorage.exe sys_auto_run C:\Program Files\Belkin U-Storage Tools2.96
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .UVR: C:\Program Files\Internet Explorer\Plugins\NPUPano.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/reso...lscbase969.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {A243F6C2-34D2-4549-BCCD-A7BEF759B236} (Seekford Solutions, Inc.'s ssiPictureUploader Control) - http://img.funtigo.com/images/upload...reUploader.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O18 - Protocol: bw+0 - {F3DFD957-4435-45B4-A055-9A653B42AB9E} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Thanks again.