Ran Lspfix, OTmoveIt, then could NOT delete C:\windows\Fonts folder, it gave "Cannot delete chkdsk.exe: Access is denied" error. Posting other logs below.
The log from Kaspersky online scan is huge as it lists a HUGE numbers of "skipped" message from my old C:\Program Files\Norton AntiVirus\Quarantine\ folder. I have stripped off most of those logs for Norton AntiVirus\Quarantine\ to keep this post small, just left a sample for you. If you need to know all of those, please let me know. Can I delete those quarantined files/folders?
==== from OTMoveIt ====
DllUnregisterServer procedure not found in c:\windows\system32\msnetax.dll
c:\windows\system32\msnetax.dll NOT unregistered.
c:\windows\system32\msnetax.dll moved successfully.
File/Folder C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll not found.
File/Folder C:\Program Files\Common Files\Yazzle1122OinAdmin.exe not found.
C:\WINDOWS\temp\BIT3B.tmp moved successfully.
C:\WINDOWS\temp\BIT3B1.tmp moved successfully.
File/Folder C:\WINDOWS\temp\BITE2.tmp not found.
C:\WINDOWS\temp\win16C7.tmp moved successfully.
C:\WINDOWS\temp\win55DD.tmp moved successfully.
C:\WINDOWS\temp\winBC04.tmp moved successfully.
Created on 02/23/2007 22:22:34
======end of OTmoveIt log========
==== from Panda activescan=====
Incident Status Location
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\dasj@mailaka.net\cookies.txt[.bfast.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\dasj@mailaka.net\cookies.txt[.atdmt.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Owner\Application Data\Mozilla\Profiles\dasj@mailaka.net\cookies.txt[.clickbank.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Owner\Cookies\owner@hitbox[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@realmedia[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Owner\Cookies\owner@searchportal.information[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Owner\Cookies\owner@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
Adware:Adware/Yazzle Not disinfected C:\Documents and Settings\Owner\DoctorWeb\Quarantine\Yazzle1122OinAdmin.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe
Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{3417BE8B-0A1F-1033-0916-031025200001}\UnInstall.exe
Adware:Adware/888Bar Not disinfected C:\Program Files\Common Files\{3417BE8B-0A20-1033-0916-031025200001}\UnInstall.exe
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{03306E57-A3DF-4DA6-AF30-6C753DCC9B47}]
Spyware:Cookie/BurstNet Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{060A390A-9D76-4F3C-A6D4-1D866892B9EB}]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{0BFC94B7-E26D-4E8B-994E-8237C400981A}]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{1663E6B5-5FA6-48F0-AE70-7FFDDF44034E}]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{1EDADB09-B213-4F46-B7D1-CE5BFE5A32FC}]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{204E342C-4171-4CF1-B8C0-8D6DE42A7B04}]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{213CC799-CE3A-4135-9CCA-BA29A94122FF}]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{2278D47D-B79D-4285-9455-2A3DD14A8159}]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{255E79AD-CC6A-463C-8F03-BBA01B9DBAB3}]
Spyware:Cookie/Humanclick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{31D83B40-804E-49B1-A3F6-9557E9C61F34}]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{3CD6525A-9BDA-40C9-BA23-BA9E261037A1}]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{3F16DBB8-A62F-4CE4-ACFC-8BF2ECD89DAB}]
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{433890CC-7DF9-47BA-8049-22B2E8EBACB1}]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{45126A04-4B1A-4381-A7DD-EBA877D4EADA}]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{4B04FFCE-8748-4ED2-A069-D50C12FDC01C}]
Spyware:Cookie/AdDynamix Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{4E141273-2811-4828-B3F9-FFE99AD4502C}]
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{51170D1E-2A8D-4BE9-8C4B-5A88EB59CE40}]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{5AD21610-C841-4CBD-8962-A1043C31A168}]
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{608690E1-0193-47BE-B9B8-560795302AAD}]
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{614F85BD-BB04-49B2-97E0-E9CA02576E05}]
Spyware:Cookie/Hitslink Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{73B606C5-C052-4ED0-930D-6A19B00BECA1}]
Spyware:Cookie/DomainSponsor Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{768243DB-0AE7-4FC9-B163-E32054DEDE29}]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{86BA5EB4-835C-405C-B117-17032D347B01}]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{87E53708-7D9A-4EBF-866E-18F5A0AFEC47}]
Spyware:Cookie/QkSrv Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{88353D82-15AE-4B53-81BC-4FDE1BC88C83}]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{8ABCAC24-766C-4FE9-AF34-0893E9E2C820}]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{8D62D382-38D7-482E-9C4C-B67F50F0D7B6}]
Spyware:Cookie/HotLog Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{917CEB92-EAD4-4E4E-945B-734041485571}]
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{92717291-4F4C-4A1E-BA31-E775D80173F3}]
Spyware:Cookie/Falkag Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{958F6EF1-F061-4F37-9ECD-93F2A57CF762}]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{98F7C4D1-FB6E-4FE5-9BE3-71FE80E05F86}]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{9B2E121C-4607-477E-98EF-C764A332D71A}]
Spyware:Cookie/bravenetA Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{9B453C96-2CD3-48D8-8D7B-AE2D2DD6DC1C}]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{9B8A80AA-384F-4675-9BD2-4FF1101C7127}]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{B2050641-25BB-4C2F-98F4-814BBDCC1CC9}]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{BC848E2B-CBEC-4DA6-8224-404918EC91C3}]
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{BD702E78-AAF7-4885-A387-114943B99D47}]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{BDA6AFBE-4886-4B8E-BC0C-9282E1262A17}]
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{C058BDDF-D653-4355-ADC7-757E84F7BD05}]
Spyware:Cookie/Sextracker Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{C23B1B21-61BA-476F-AE7D-4147F6E02DB8}]
Spyware:Cookie/Overture Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{C27ADF7B-D317-4B82-8F3B-952694665D44}]
Spyware:Cookie/Findwhat Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{CC5974D8-E300-4874-B87F-B79704D4FA5B}]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{D1940468-C316-4D3B-A88A-4BA98FC844DA}]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{D3FC36AF-8F7A-4130-B269-20FCC73A04C9}]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{E23C0020-2CAB-47C1-9185-D54577572A7E}]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{E63B2A34-6CEE-4977-B973-FD8C9751387A}]
Spyware:Cookie/Adtech Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{E6F1F439-A1D8-4003-B0AF-5520ECE56DE2}]
Spyware:Cookie/Weborama Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{EAFBEB0A-137C-41FA-A589-F29F207A0D6B}]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{F11C9576-BEB4-4BC0-8AF6-A41AA8A57CB9}]
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{F31A8D2C-EAF5-4650-BEB2-92E52BEA09B6}]
Spyware:Cookie/Clickbank Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{877FD653-43CD-4F66-955A-DA50E97995F7}.zip[{FB4004D4-0410-4B36-AB5E-AAD58929C244}]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{08575037-7C36-4DEE-9ADE-07BDEEDB24E9}]
Spyware:Cookie/Doubleclick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{08F9CE75-5BB1-4629-9995-953FA4CA6CF5}]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{1B01BC05-07B6-49A2-B5EE-32146BDAE769}]
Spyware:Cookie/QuestionMarket Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{20664B0C-89C1-445D-B9E4-F0520A643BAA}]
Spyware:Cookie/Statcounter Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{23CB515A-037A-4CBC-9D21-B78A67EC088E}]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{274F895D-E959-41AF-A1DE-388E6FCEAB19}]
Spyware:Cookie/WUpd Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{30A91AB3-0D0B-4970-AF95-1432A661307E}]
Spyware:Cookie/Tradedoubler Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{4CEFEF54-22D5-4575-B1BF-5FA1ABB24735}]
Spyware:Cookie/Adserver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{4FDCDCF7-C7C6-4CCA-8F5D-F6369E2D32A2}]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{5701CA04-93D9-41FF-9951-D69D1C4844B7}]
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{57068A6E-7663-41F4-B9FD-2BE3B05A7BE8}]
Spyware:Cookie/2o7 Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{60836F16-3C5F-45C0-9CDD-7ADB6B9153F0}]
Spyware:Cookie/Bfast Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{61476CCC-9509-4D6B-95D8-61E7660F5315}]
Spyware:Cookie/Cgi-bin Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{61EF7613-58A2-4AA1-9A4A-2DFCD99ADB94}]
Spyware:Cookie/Bluestreak Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{62244945-30EF-45F3-8766-314EC22C1556}]
Spyware:Cookie/Maxserving Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{623A1EB2-6D0E-4C64-BAD6-777B5421AF07}]
Spyware:Cookie/Overture Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{6245CD45-0F93-4E36-AECD-C2FBBCA0D96E}]
Spyware:Cookie/Tribalfusion Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{6315E0A8-B78F-4F34-823E-B536EB940978}]
Spyware:Cookie/FortuneCity Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{65872DD2-365B-4CC0-81D1-B6AE1D1904E9}]
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{67FA405B-FA51-4040-9965-32DF5A9CD3DC}]
Spyware:Cookie/Valueclick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{72EBEC10-92C5-4D9E-8DC0-B53658C9B779}]
Spyware:Cookie/AdDynamix Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{7484B8FC-4264-49E2-9559-F9C03186A3E5}]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{74CE4440-A51C-4471-BC0A-A0561DD5FE65}]
Spyware:Cookie/Serving-sys Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{8507BE01-AAED-4198-8DD1-8585478AE27B}]
Spyware:Cookie/Bridgetrack Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{8B38811C-D344-4693-8A1B-BBE3ED3FAA1E}]
Spyware:Cookie/FastClick Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{97D05FE0-1373-46B1-BB8C-3096362CA1E5}]
Spyware:Cookie/Linksynergy Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{B851AD79-B5EB-453D-B9FE-F5B95C026E76}]
Spyware:Cookie/Mediaplex Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{C6A0E03D-E4C3-425D-8E81-96F715BA2B8B}]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{CB0E2500-C1A8-488C-9701-B5BB8ABE1D72}]
Spyware:Cookie/Zedo Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{D1836A64-B3AD-4F87-877A-A8760D4E0A23}]
Spyware:Cookie/Casalemedia Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{DDDE459A-19D2-4CA6-B9EC-00DAE289C0FB}]
Spyware:Cookie/Advertising Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{E9A73CB7-80D2-4716-9A14-57CDF70130D1}]
Spyware:Cookie/Adrevolver Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{EA0A0969-5E1F-43CD-A02A-F121E4AEA335}]
Spyware:Cookie/Coremetrics Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{EBC55916-4597-431D-BE0A-D362659BF68E}]
Spyware:Cookie/Hitbox Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{EE8B3B00-4647-484B-BC61-476A2377F5ED}]
Spyware:Cookie/Atlas DMT Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{EFB62422-534C-4CF8-B198-2997370DB970}]
Spyware:Cookie/CentrPort Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{F0D0123B-7361-45D3-A27E-F27E4B16BFC8}]
Spyware:Cookie/RealMedia Not disinfected C:\Program Files\Cosmi\SpyWare Killer Pro\scanner\Quarantine\{C9AE7021-1EF7-4BD4-94A7-CF4B93363250}.zip[{FAD509FA-F064-4342-9EA8-2F3890E3F038}]
Adware:Adware/SpySheriff Not disinfected C:\Program Files\Microsoft Works\WkDetect.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\NetZero\exec.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\NZSearch\nzspc.exe
Adware:Adware/MediaTickets Not disinfected C:\Program Files\Outerinfo\OiUninstaller.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\SpySheriff\SpySheriff.exe
Adware:Adware/PestCapture Not disinfected C:\Program Files\SpySheriff\Uninstall.#xe
Virus:W32/Nuwar.N.worm Disinfected C:\SDFix\backups\backups.zip[backups/adirss.exe]
Adware:Adware/SpySheriff Not disinfected C:\SDFix\backups\backups.zip[backups/dxdlg32.exe]
Adware:Adware/Adsmart Not disinfected C:\SDFix\backups\backups.zip[backups/kernels88.exe]
Virus:Trj/Alanchum.RX Disinfected C:\SDFix\backups\backups.zip[backups/ma.exe.exe]
Adware:Adware/Maxifiles Not disinfected C:\SDFix\backups\backups.zip[backups/svchosts.exe]
Virus:Trj/Rizalof.WY Disinfected C:\SDFix\backups\backups.zip[backups/taskdir.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\tools\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\gka.dll
Virus:Trj/Spammer.ZO Disinfected C:\WINDOWS\system32\msnetax.dll
Virus:Trj/Abwiz.BW Disinfected C:\WINDOWS\system32\spoolsvv.vxe
Virus:Trj/Spammer.ZO Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\system32\msnetax.dll
Virus:Trj/Abwiz.BW Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\temp\win16C7.tmp
Virus:Trj/Abwiz.BW Disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\temp\win55DD.tmp
Adware:Adware/WebAttaker Not disinfected C:\_OTMoveIt\MovedFiles\WINDOWS\temp\winBC04.tmp ========== end of Panda Activescan =========
============= log from KASPERSKY ONLINE scan =========
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, February 24, 2007 2:50:40 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/02/2007
Kaspersky Anti-Virus database records: 273130
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 62209
Number of viruses found: 25
Number of infected objects: 3930 / 0
Number of suspicious objects: 24
Duration of the scan process: 01:14:38
Infected Object Name / Virus Name / Last Action
C:\cp1041.nls Infected: SpamTool.Win32.Agent.u skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\Agent\Logs\TaskScheduler\McTskshd000.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee.com\VSO\OASLogs\OAS.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_5ac.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\Perflib_Perfdata_658.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Program Files\Microsoft Works\WkDetect.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Program Files\NetZero\exec.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Program Files\Norton AntiVirus\Quarantine\00992A7A/data.rtf .scr Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\00992A7A ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00992A7A CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F64A9/[From
hostmaster@ezy.net][Date Sat, 18 Dec 2004 05:53:44 GMT]/ezy.txt.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F64A9/[From
hostmaster@ezy.net][Date Sat, 18 Dec 2004 05:53:44 GMT]/ezy.txt.zip Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F64A9 Mail: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\091F64A9 CryptFF: infected - 2 skipped
C:\Program Files\Norton AntiVirus\Quarantine\093A348C/[From
user_info@core.com][Date Sat, 18 Dec 2004 14:04:46 GMT]/core_6147.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\093A348C/[From
user_info@core.com][Date Sat, 18 Dec 2004 14:04:46 GMT]/core_6147.zip Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607/[From Mail Delivery System <Mailer-Daemon@washington.noc11.net>][Date Wed, 17 Nov 2004 12:49:26 -0800]/UNNAMED/[From
amchimes@shaktisolutions.com][Date Wed, 17 Nov 2004 14:49:19 -0600]/UNNAMED/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607/[From Mail Delivery System <Mailer-Daemon@washington.noc11.net>][Date Wed, 17 Nov 2004 12:49:26 -0800]/UNNAMED/[From
amchimes@shaktisolutions.com][Date Wed, 17 Nov 2004 14:49:19 -0600]/UNNAMED/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607/[From Mail Delivery System <Mailer-Daemon@washington.noc11.net>][Date Wed, 17 Nov 2004 12:49:26 -0800]/UNNAMED/[From
amchimes@shaktisolutions.com][Date Wed, 17 Nov 2004 14:49:19 -0600]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607/[From Mail Delivery System <Mailer-Daemon@washington.noc11.net>][Date Wed, 17 Nov 2004 12:49:26 -0800]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607 Mail: suspicious - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0B2A5607 CryptFF: suspicious - 4 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEF25F0/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEF25F0 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CEF25F0 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CF020A9.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CFC4DE1/details.txt .pif Infected: Email-Worm.Win32.NetSky.q skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CFC4DE1 ZIP: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\0CFC4DE1 CryptFF: infected - 1 skipped
C:\Program Files\Norton AntiVirus\Quarantine\6AAA4078/[From
re-mail_system@tempositions.com][Date Thu, 16 Dec 2004 23:45:46 UTC]/auto__mail.tempositions_9499.word.zip/message_text.txt .pif Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\Norton AntiVirus\Quarantine\6AAA4078/[From
re-mail_system@tempositions.com][Date Thu, 16 Dec 2004 23:45:46 UTC]/auto__mail.tempositions_9499.word.zip Infected: Email-Worm.Win32.Sober.i skipped
C:\Program Files\NZSearch\nzspc.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped
C:\Program Files\Outerinfo\OiUninstaller.exe/data0003 Infected: not-a-virus:AdWare.Win32.PurityScan.bu skipped
C:\Program Files\Outerinfo\OiUninstaller.exe NSIS: infected - 2 skipped
C:\SDFix\backups\backups.zip/backups/dxdlg32.exe Infected: Trojan.Win32.Obfuscated.dr skipped
C:\SDFix\backups\backups.zip/backups/kernels88.exe Infected: Trojan-Downloader.Win32.Small.cwj skipped
C:\SDFix\backups\backups.zip/backups/pp.exe.exe Infected: Email-Worm.Win32.Zhelatin.aj skipped
C:\SDFix\backups\backups.zip/backups/wuauclt.exe Infected: Trojan-Downloader.Win32.Small.ego skipped
C:\SDFix\backups\backups.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Downloaded Program Files\USDR6_0001_D17M1107NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.l skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bvjg.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\ndis.sys Object is locked skipped
C:\WINDOWS\system32\gka.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\msnetax.dll Infected: Trojan.Win32.Agent.afg skipped
C:\WINDOWS\system32\runtime.sys Infected: Rootkit.Win32.Agent.dw skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\winlogon.exe Infected: Trojan.Win32.Patched.g skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
======= end of Kaspersky log ======
======from ComboScan.txt=====
ComboScan v20070221.16 run by Owner on 2007-02-24 at 15:28:34
Computer is in Normal Mode.
--------------------------------------------------------------------------------
System Restore was disabled; re-enabling.
Failed to create restore point: System Restore is disabled (service is not running).
Performed disk cleanup.
-- HijackThis (run as Owner.exe) ------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:29:14 PM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\NZSearch\nzspc.exe
C:\WINDOWS\FNTS~1\chkdsk.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\Owner\Desktop\comboscan.exe
C:\tools\Owner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://portal.mailaka.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://my.netzero.net/s/search?r=minisearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://portal.mailaka.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =
http://my.netzero.net/s/search?r=minisearch
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ofb1 - {3E1500AC-87A5-416b-A211-82E848649DA9} - C:\PROGRA~1\Ofb1\ofb1.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {B46C7639-C8F4-E008-F7DA-C3DEBFC105B6} - C:\WINDOWS\system32\bvjg.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: ZeroBar - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - C:\Program Files\NetZero\Toolbar.dll
O3 - Toolbar: ZeroBar - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - C:\Program Files\NetZero\toolbar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [googletalk] C:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKCU\..\Run: [NetZero_uoltray] C:\Program Files\NetZero\bak\exec.exe regrun
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [googletalk] "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\nzspc.exe" -w
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Usrr] "C:\WINDOWS\FNTS~1\chkdsk.exe" -vt yazb
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Show All Original Images - "res://C:\Program Files\NetZero\qsacc\appres.dll/228"
O8 - Extra context menu item: Show Original Image - "res://C:\Program Files\NetZero\qsacc\appres.dll/227"
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) -
http://www.kaspersky.com/kos/eng/par...an_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) -
http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {C946EF6D-296D-4907-A6E1-ED0E8E5AF024} (LycosMail Upload Control) -
http://mail.lycos.com/hanmail-ax/AttachMail.cab
O16 - DPF: {E9A7F56F-C40F-4928-8C6F-7A72F2A25222} (AxRUploadControl Object) -
http://www.imagestation.com/common/c...cab?v=1,0,0,37
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) -
http://www.snapfish.com/SnapfishUpload.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Owner\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{48FF8732-2D9A-45D2-AC39-928DFE93D2A1}: NameServer = 165.76.12.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C946AAC-89EC-4E1D-807A-18480BAD72A1}: NameServer = 165.76.12.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{D5B499E2-243B-40DC-A325-188732468138}: NameServer = 165.76.12.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{ECA75678-EDD3-48EB-8F6C-0B68EB1251BA}: NameServer = 165.76.12.2
O20 - AppInit_DLLs: c:\windows\system32\ldcore.dll
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
-- HijackThis Fixed Entries (C:\tools\backups\) ---------------------------------
backup-20070222-195237-102 O15 - Trusted Zone: *.media-motor.com (HKLM)
backup-20070222-195237-117 O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
backup-20070222-195237-181 O15 - Trusted Zone: *.imagesrvr.com (HKLM)
backup-20070222-195237-182 O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxq.dll
backup-20070222-195237-198 O15 - Trusted Zone: *.adgate.info
backup-20070222-195237-260 O15 - Trusted Zone: *.matcash.com (HKLM)
backup-20070222-195237-267 O15 - Trusted Zone: *.winantivirus.com
backup-20070222-195237-322 O15 - Trusted Zone: *.matcash.com
backup-20070222-195237-333 O15 - Trusted Zone: *.winfixer.com (HKLM)
backup-20070222-195237-440 O15 - Trusted Zone: *.systemdoctor.com (HKLM)
backup-20070222-195237-447 O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} -
http://www.systemdoctor.com/download...reeInstall.cab
backup-20070222-195237-450 O15 - Trusted Zone: *.systemdoctor.com
backup-20070222-195237-452 O15 - Trusted Zone: *.errorsafe.com (HKLM)
backup-20070222-195237-457 O15 - Trusted Zone: *.snipernet.biz
backup-20070222-195237-474 O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
backup-20070222-195237-499 O15 - Trusted Zone: *.imagesrvr.com
backup-20070222-195237-527 O15 - Trusted Zone: *.winfixer.com
backup-20070222-195237-589 O15 - Trusted Zone: *.media-motor.com
backup-20070222-195237-685 O15 - Trusted Zone: *.errorsafe.com
backup-20070222-195237-707 O15 - Trusted Zone: *.snipernet.biz (HKLM)
backup-20070222-195237-788 O15 - Trusted Zone: *.mediatickets.net
backup-20070222-195237-812 O2 - BHO: (no name) - {5ccaab50-41e0-4574-a1c6-5a4847a9ce57} - C:\WINDOWS\system32\ideoept.dll
backup-20070222-195237-824 O15 - Trusted Zone: *.mediatickets.net (HKLM)
backup-20070222-195237-860 O15 - Trusted Zone: *.winantivirus.com (HKLM)
backup-20070222-195237-874 O15 - Trusted Zone: *.media-motor.net (HKLM)
backup-20070222-195237-957 O15 - Trusted Zone: *.adgate.info (HKLM)
backup-20070222-195237-978 O15 - Trusted Zone: *.dollarrevenue.com
backup-20070222-195238-261 O20 - Winlogon Notify: ideoept - C:\WINDOWS\SYSTEM32\ideoept.dll
backup-20070222-195238-262 O23 - Service: WINS Client (RpcPatch) - Unknown owner - C:\WINDOWS\System32\wins\DLLHOST.EXE (file missing)
backup-20070222-195238-509 O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users\Documents\Settings\winsys2f.dll
backup-20070222-195238-675 O23 - Service: Network Connections Sharing (RpcTftpd) - Unknown owner - C:\WINDOWS\System32\wins\svchost.exe (file missing)
-- File Associations ------------------------------------------------------------
.bat - batfile - "%1" %*
.chm - chm.file - "C:\WINDOWS\hh.exe" %1
.cmd - cmdfile - "%1" %*
.com - comfile - "%1" %*
.exe - exefile - "%1" %*
.hlp - hlpfile - %SystemRoot%\System32\winhlp32.exe %1
.inf - inffile - %SystemRoot%\System32\NOTEPAD.EXE %1
.ini - inifile - %SystemRoot%\System32\NOTEPAD.EXE %1
.js - JSFile - notepad.exe "%1" %*
.lnk - lnkfile - {00021401-0000-0000-C000-000000000046}
.pif - piffile - "%1" %*
.reg - regfile - regedit.exe "%1"
.scr - scrfile - "%1" /S
.txt - txtfile - %SystemRoot%\system32\NOTEPAD.EXE %1
.vbs - VBSFile - notepad.exe "%1" %*
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ----------------------
3R ALCXWDM (Service for Realtek AC97 Audio (WDM)) - C:\WINDOWS\system32\drivers\ALCXWDM.SYS
3R ASAPIW2k - C:\WINDOWS\system32\drivers\asapiW2k.sys
2R ASPI32 - C:\WINDOWS\system32\drivers\ASPI32.SYS
3S CCDECODE (Closed Caption Decoder) - C:\WINDOWS\system32\drivers\ccdecode.sys
3S HidUsb (Microsoft HID Class Driver) - C:\WINDOWS\system32\drivers\hidusb.sys
3R HSFHWBS2 - C:\WINDOWS\system32\drivers\HSFHWBS2.sys
3R HSF_DP - C:\WINDOWS\system32\drivers\HSF_DP.sys
3R ialm - C:\WINDOWS\system32\drivers\ialmnt5.sys
1R intelppm (Intel Processor Driver) - C:\WINDOWS\system32\drivers\intelppm.sys
1S kbdhid (Keyboard HID Driver) - C:\WINDOWS\system32\drivers\kbdhid.sys
2R mdmxsdk - C:\WINDOWS\system32\drivers\mdmxsdk.sys
3S mouhid (Mouse HID Driver) - C:\WINDOWS\system32\drivers\mouhid.sys
3S MSTEE (Microsoft Streaming Tee/Sink-to-Sink Converter) - C:\WINDOWS\system32\drivers\mstee.sys
3S NABTSFEC (NABTS/FEC VBI Codec) - C:\WINDOWS\system32\drivers\nabtsfec.sys
3R NaiAvFilter1 - C:\WINDOWS\system32\drivers\naiavf5x.sys
3S NdisIP (Microsoft TV/Video Connection) - C:\WINDOWS\system32\drivers\ndisip.sys
3S ntldr.sys - C:\ntldr.sys (not found)
2S ONSIO - C:\WINDOWS\SYSTEM32\DRIVERS\ONSIO.SYS (not found)
3S PCANDIS5 (PCANDIS5 Protocol Driver) - C:\PROGRA~1\NETGEAR\MA111C~1\PCANDIS5.SYS (not found)
1R PCLEPCI - C:\WINDOWS\system32\drivers\Pclepci.sys
3S PRISM_USB (D-Link Air DWL-122 Wireless USB Adapter Driver) - C:\WINDOWS\system32\drivers\PRISMUSB.sys
0R PxHelp20 - C:\WINDOWS\system32\drivers\pxhelp20.sys
3S QCMerced (Logitech QuickCam Communicate) - C:\WINDOWS\system32\drivers\lvcm.sys
3R rtl8139 (Realtek RTL8139/810X Family PCI Fast Ethernet NIC NT Driver) - C:\WINDOWS\system32\drivers\RTL8139.sys
3S Runtime - C:\WINDOWS\system32\runtime.sys
3S SLIP (BDA Slip De-Framer) - C:\WINDOWS\system32\drivers\slip.sys
0S SMPLSCSI - C:\WINDOWS\system32\drivers\SMPLSCSI.SYS
3S streamip (BDA IPSink) - C:\WINDOWS\system32\drivers\streamip.sys
3S usbaudio (USB Audio Driver (WDM)) - C:\WINDOWS\system32\drivers\USBAUDIO.sys
3S usbccgp (Microsoft USB Generic Parent Driver) - C:\WINDOWS\system32\drivers\usbccgp.sys
3R usbehci (Microsoft USB 2.0 Enhanced Host Controller Miniport Driver) - C:\WINDOWS\system32\drivers\usbehci.sys
3S USBSTOR (USB Mass Storage Driver) - C:\WINDOWS\system32\drivers\usbstor.sys
3S wanatw (WAN Miniport (ATW)) - C:\WINDOWS\system32\DRIVERS\wanatw4.sys (not found)
3R winachsf - C:\WINDOWS\system32\drivers\HSF_CNXT.sys
3S WLAN_USB (Wireless LAN USB Driver) - C:\WINDOWS\system32\drivers\MA111nd5.sys
4R WS2IFSL (Windows Socket 2.0 Non-IFS Service Provider Support Environment) - C:\WINDOWS\system32\drivers\ws2ifsl.sys
3S WSTCODEC (World Standard Teletext Codec) - C:\WINDOWS\system32\drivers\wstcodec.sys
3R {6080A529-897E-4629-A488-ABA0C29B635E} (Intel(R) Graphics Platform (SoftBIOS) Driver) - C:\WINDOWS\system32\drivers\ialmsbw.sys
3R {D31A0762-0CEB-444e-ACFF-B049A1F6FE91} (Intel(R) Graphics Chipset (KCH) Driver) - C:\WINDOWS\system32\drivers\ialmkchw.sys
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
4S Alerter - C:\WINDOWS\System32\svchost.exe -k LocalService
3S ALG (Application Layer Gateway Service) - C:\WINDOWS\System32\alg.exe
3S AppMgmt (Application Management) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R AudioSrv (Windows Audio) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R BITS (Background Intelligent Transfer Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2S Browser (Computer Browser) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S CiSvc (Indexing Service) - C:\WINDOWS\system32\cisvc.exe
4S ClipSrv (ClipBook) - C:\WINDOWS\system32\clipsrv.exe
3S COMSysApp (COM+ System Application) - C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
2R CryptSvc (Cryptographic Services) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R DcomLaunch (DCOM Server Process Launcher) - C:\WINDOWS\system32\svchost -k DcomLaunch
2R Dhcp (DHCP Client) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S dmadmin (Logical Disk Manager Administrative Service) - C:\WINDOWS\System32\dmadmin.exe /com
3S dmserver (Logical Disk Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Dnscache (DNS Client) - C:\WINDOWS\System32\svchost.exe -k NetworkService
2R ERSvc (Error Reporting Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Eventlog (Event Log) - C:\WINDOWS\system32\services.exe
3R EventSystem (COM+ Event System) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S FastUserSwitchingCompatibility (Fast User Switching Compatibility) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S gusvc (Google Updater Service) - "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
2R helpsvc (Help and Support) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R HidServ (HID Input Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S HTTPFilter (HTTP SSL) - C:\WINDOWS\System32\svchost.exe -k HTTPFilter
3S ImapiService (IMAPI CD-Burning COM Service) - C:\WINDOWS\System32\imapi.exe
2R lanmanserver (Server) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R lanmanworkstation (Workstation) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R LmHosts (TCP/IP NetBIOS Helper) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R McDetect.exe (McAfee WSC Integration) - c:\program files\mcafee.com\agent\mcdetect.exe
2R McShield (McAfee.com McShield) - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
2R McTskshd.exe (McAfee Task Scheduler) - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
3S mcupdmgr.exe (McAfee SecurityCenter Update Manager) - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
4S Messenger - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S mnmsrvc (NetMeeting Remote Desktop Sharing) - C:\WINDOWS\System32\mnmsrvc.exe
3S MSDTC (Distributed Transaction Coordinator) - C:\WINDOWS\System32\msdtc.exe
3S MSIServer (Windows Installer) - C:\WINDOWS\System32\msiexec.exe /V
4S NetDDE (Network DDE) - C:\WINDOWS\system32\netdde.exe
4S NetDDEdsdm (Network DDE DSDM) - C:\WINDOWS\system32\netdde.exe
3S Netlogon (Net Logon) - C:\WINDOWS\System32\lsass.exe
3R Netman (Network Connections) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R Nla (Network Location Awareness (NLA)) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S NtLmSsp (NT LM Security Support Provider) - C:\WINDOWS\System32\lsass.exe
3S NtmsSvc (Removable Storage) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R PlugPlay (Plug and Play) - C:\WINDOWS\system32\services.exe
2R PolicyAgent (IPSEC Services) - C:\WINDOWS\System32\lsass.exe
2R ProtectedStorage (Protected Storage) - C:\WINDOWS\system32\lsass.exe
2R RasAuto (Remote Access Auto Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R RasMan (Remote Access Connection Manager) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RDSessMgr (Remote Desktop Help Session Manager) - C:\WINDOWS\system32\sessmgr.exe
4S RemoteAccess (Routing and Remote Access) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S RpcLocator (Remote Procedure Call (RPC) Locator) - C:\WINDOWS\System32\locator.exe
2R RpcSs (Remote Procedure Call (RPC)) - C:\WINDOWS\system32\svchost -k rpcss
3S RSVP (QoS RSVP) - C:\WINDOWS\System32\rsvp.exe
2R SamSs (Security Accounts Manager) - C:\WINDOWS\system32\lsass.exe
3S SCardSvr (Smart Card) - C:\WINDOWS\System32\SCardSvr.exe
2R Schedule (Task Scheduler) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R seclogon (Secondary Logon) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R SENS (System Event Notification) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R ShellHWDetection (Shell Hardware Detection) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R Spooler (Print Spooler) - C:\WINDOWS\system32\spoolsv.exe
2R srservice (System Restore Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3R SSDPSRV (SSDP Discovery Service) - C:\WINDOWS\System32\svchost.exe -k LocalService
2R stisvc (Windows Image Acquisition (WIA)) - C:\WINDOWS\System32\svchost.exe -k imgsvc
3S SwPrv (MS Software Shadow Copy Provider) - C:\WINDOWS\System32\dllhost.exe /Processid:{195E6122-CAE8-4FC9-BD96-F81BBD1135E2}
3S SysmonLog (Performance Logs and Alerts) - C:\WINDOWS\system32\smlogsvc.exe
3R TapiSrv (Telephony) - C:\WINDOWS\System32\svchost.exe -k netsvcs
4S TermService (Terminal Services) - C:\WINDOWS\System32\svchost -k DComLaunch
2R Themes - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R TrkWks (Distributed Link Tracking Client) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S upnphost (Universal Plug and Play Device Host) - C:\WINDOWS\System32\svchost.exe -k LocalService
3S UPS (Uninterruptible Power Supply) - C:\WINDOWS\System32\ups.exe
2R UxTuneUp (TuneUp Design Expansion) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S VSS (Volume Shadow Copy) - C:\WINDOWS\System32\vssvc.exe
2R W32Time (Windows Time) - C:\WINDOWS\System32\svchost.exe -k netsvcs
2R WebClient - C:\WINDOWS\System32\svchost.exe -k LocalService
2R winmgmt (Windows Management Instrumentation) - C:\WINDOWS\system32\svchost.exe -k netsvcs
3S WmdmPmSN (Portable Media Serial Number Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S WmiApSrv (WMI Performance Adapter) - C:\WINDOWS\System32\wbem\wmiapsrv.exe
2R wuauserv (Automatic Updates) - C:\WINDOWS\system32\svchost.exe -k netsvcs
2R WZCSVC (Wireless Zero Configuration) - C:\WINDOWS\System32\svchost.exe -k netsvcs
3S xmlprov (Network Provisioning Service) - C:\WINDOWS\System32\svchost.exe -k netsvcs
-- Scheduled Tasks --------------------------------------------------------------
2007-02-23 22:04:28 390 --a------ C:\WINDOWS\Tasks\1-Click Maintenance.job<1-CLIC~1.JOB>
-- Files created between 2007-01-24 and 2007-02-24 ------------------------------
2007-02-24 12:52:43 0 d-------- C:\WINDOWS\system32\Kaspersky Lab<KASPER~1>
2007-02-24 12:52:34 0 d-------- C:\WINDOWS\LastGood
2007-02-24 11:34:44 71 --a------ C:\WINDOWS\system32\pfdnnt_actions.sys<PFDNNT~1.SYS>
2007-02-24 11:34:43 8704 --a------ C:\WINDOWS\system32\pfdnnt.exe
2007-02-24 09:26:35 20480 -----n--- C:\WINDOWS\system32\msnetax.dll
2007-02-24 09:25:25 56832 --a------ C:\WINDOWS\system32\bvjg.dll
2007-02-23 22:29:54 0 d-------- C:\Program Files\CCleaner
2007-02-22 22:43:46 0 d-------- C:\tools
2007-02-22 22:25:24 114464 --a------ C:\WINDOWS\system32\drivers\naiavf5x.sys
2007-02-22 22:24:18 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-02-22 22:24:00 288320 -ra------ C:\WINDOWS\system32\mcgdmgr.dll
2007-02-22 22:23:59 349760 --a------ C:\WINDOWS\system32\mcinsctl.dll
2007-02-22 22:23:59 0 d-------- C:\Program Files\McAfee.com
2007-02-22 20:15:15 0 d-------- C:\Documents and Settings\Owner\DoctorWeb<DOCTOR~1>
2007-02-22 19:58:35 0 d-------- C:\_OTMoveIt<_OTMOV~1>
2007-02-22 19:27:51 0 d-------- C:\VundoFix Backups<VUNDOF~1>
2007-02-21 19:48:17 0 d-------- C:\SDFix
2007-02-21 15:31:16 0 d-------- C:\spoolerlogs<SPOOLE~1>
2007-02-21 08:07:12 2 --a------ C:\WINDOWS\system32\wtssvcc.exe
2007-02-21 08:07:09 0 d-------- C:\WINDOWS\system32\s?stem32
2007-02-21 08:07:09 0 d-------- C:\Program Files\Outerinfo<OUTERI~1>
2007-02-21 08:07:07 56832 -----n--- C:\WINDOWS\system32\gka.dll
2007-02-21 08
52 0 d-------- C:\Program Files\InetGet2
2007-02-21 08:04:47 0 d-------- C:\Program Files\Common Files\{3417BE8B-0A20-1033-0916-031025200001}<{3417B~2>
2007-02-21 08:04:47 0 d-------- C:\Program Files\Common Files\{1417BE8B-0A20-1033-0916-031025200001}<{1417B~2>
2007-02-21 07:29:13 24072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2007-02-21 07:28:13 0 d-------- C:\Program Files\TuneUp Utilities 2007<TUNEUP~1>
2007-02-21 07:28:13 0 d-------- C:\Documents and Settings\Owner\Application Data\TuneUp Software<TUNEUP~1>
2007-02-21 07:26:34 0 d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software<TUNEUP~1>
2007-02-20 23:25:31 0 d-------- C:\Program Files\Registry Mechanic<REGIST~1>
2007-02-20 21:27:40 0 d-------- C:\SDAT
2007-02-20 20:16:10 14782728 --a------ C:\sdat4967.exe
2007-02-19 23:34:52 4864 --a------ C:\WINDOWS\system32\runtime.sys
2007-02-19 22:36:46 0 d-------- C:\WINDOWS\system32\ActiveScan<ACTIVE~1>
2007-02-19 22:17:03 0 d-------- C:\Program Files\Common Files\{3417BE8B-0A1F-1033-0916-031025200001}<{3417B~1>
2007-02-19 18
18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-02-19 18
18 0 d-------- C:\Documents and Settings\Administrator\Application Data\InterTrust<INTERT~1>
2007-02-19 18
18 0 d-------- C:\Documents and Settings\Administrator\Application Data\Adobe
2007-02-19 18
17 0 d-------- C:\Documents and Settings\Administrator\WINDOWS
2007-02-19 18
17 1048576 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2007-02-19 00:14:26 0 d-a-s---- C:\Program Files\NewDotNet<NEWDOT~1>
2007-02-19 00:14:01 0 d-------- C:\Program Files\Ofb1
2007-02-16 10:02:51 0 d-------- C:\Documents and Settings\All Users\Application Data\MCA1C.tmp
2007-02-16 07:35:50 0 d-------- C:\Program Files\SpySheriff<SPYSHE~1>
2007-02-16 07:35:41 1443213 --a------ C:\Documents and Settings\Owner\Application Data\Install.dat
2007-02-14 14:18:12 0 d-------- C:\Practicum<PRACTI~1>
2007-02-05 21:49:36 0 d-------- C:\PMBOK Guide<PMBOKG~1>
-- Find3M Report ----------------------------------------------------------------
2007-02-24 11:00:47 0 d-------- C:\Program Files\NZSearch
2007-02-24 10:58:50 0 d-------- C:\Program Files\NetZero
2007-02-24 10:55:12 0 d-------- C:\Program Files\Messenger<MESSEN~1>
2007-02-21 07:26:26 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard<WISEIN~1>
2007-02-20 21:13:58 502272 --a------ C:\WINDOWS\system32\winlogon.exe
2007-02-20 21:09:52 1993270 --a------ C:\Documents and Settings\Owner\Application Data\CleanUp!.log
2007-02-20 07:51:35 0 d-------- C:\Program Files\7-Zip
2007-02-15 21:37:48 0 d-------- C:\Program Files\Microsoft Works<MICROS~4>
2007-01-16 21:26:18 0 d-------- C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-01-09 08:55:46 0 d-------- C:\Program Files\Microsoft<MICROS~3>
2006-12-31 20:46:19 0 d-------- C:\Program Files\Picasa2
2006-12-31 20:45:55 0 d-------- C:\Program Files\Google
-- Registry Dump ----------------------------------------------------------------
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NetZero_uoltray"="C:\\Program Files\\NetZero\\bak\\exec.exe regrun"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"googletalk"="\"C:\\Program Files\\Google\\Google Talk\\googletalk.exe\" /autostart"
"spc_w"="\"C:\\Program Files\\NZSearch\\nzspc.exe\" -w"
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_9 -reboot 1"
"Usrr"="\"C:\\WINDOWS\\FNTS~1\\chkdsk.exe\" -vt yazb"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"CHotkey"="zHotkey.exe"
"googletalk"="C:\\Program Files\\Google\\Google Talk\\googletalk.exe /autostart"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"appinit_dlls"="c:\windows\system32\ldcore.dll"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{55667788-ABCD-1234-5678-00C04FD8DBD8}"=""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"ALUAlert"="C:\\Program Files\\Symantec\\LiveUpdate\\ALUNotify.exe"
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1417BE8B-0A1F-1033-0916-031025200001}"="\"C:\\Program Files\\Common Files\\{1417BE8B-0A1F-1033-0916-031025200001}\\Update.exe\" te-110-12-0000271"
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{1417BE8B-0A1F-1033-0916-031025200001}"="\"C:\\Program Files\\Common Files\\{1417BE8B-0A1F-1033-0916-031025200001}\\Update.exe\" te-110-12-0000271"
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\A3dxq
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winsys2freg
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp
-- End of ComboScan: finished at 2007-02-24 at 15:29:57 -------------------------
I will be posting Comboscan supplementary log as a separate reply as it exceeds #of characters.