
Need urgent help

#1 · (Edited)

I have a problem with my system. There is a virus in my system.
It's Windows XP. There are some programs like SurfSideKick 3, pokapoka, Bargain Buddy, CashBack and many more. I tried removing them... but no success.
Please help me out. Too many popups too.

Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 8:19:49 AM, on 8/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: SDWin32 Class - {4C721EB6-364C-42EB-9DDE-A14409A77B07} - C:\WINDOWS\system32\xiyfh.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [xiyfhc] C:\WINDOWS\system32\xiyfhc.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O9 - Extra button: Microsoft AntiSpyware helper - {8FF5F54D-0589-455C-9F40-464A27BEA739} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8FF5F54D-0589-455C-9F40-464A27BEA739} - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123516343921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mbang.dll
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: COM+ Runtime Service (CORRTSvc) - Unknown owner - %WinDIR%\System32\svchost.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of KRC HijackThis Analyzer Log.
==============================================================
 
#3 ·
Download Ewido Security Suite - Install & update its database but do not run it yet.

Download WinPfind.zip - Unzip to Drive C

Download Tq.zip - Unzip to Drive C

Download LQfix and save it to your desktop. Extract the file to your desktop but do not use it yet!


Download LSPFix.exe

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 columns. In the left column, which is labeled 'Keep', click once to select the entry:
    • flsmngr.dll
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right column labeled 'Remove'. Ensure this is the only DLL in the window.
  5. Click the Finish button to complete the fix.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO SAFE MODE
  1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
  2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
  3. Continue to do so until the 'Windows Advanced Options' menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Enable the viewing of Hidden files
  1. From Windows Explorer, go to Tools>Folder Options>View tab.
  2. Enable the option for 'Show hidden files and folders'
  3. Disable the option for 'Hide file extensions for known types'
  4. Disable the option for 'Hide protected operating system files'
  5. Click Yes to confirm & then click OK

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Double-click LQfix.bat that you saved on your desktop earlier.
A DOS window will open and close again; this is normal.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


** Please disable all other antivirus programs before proceeding.**

Run Ewido:
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
  • Once finished, click the Save report button
  • Save the report to your desktop
Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Locate & double-click on WinPFind.exe.
  1. Click Start Scan
  2. Once the Scan is Complete
    1. Go to the WinPFind folder & locate WinPFind.txt
    2. Post the results in your next post!
* This program will scan a large number of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

Locate & double-click on Tq.vbs. Wait a few seconds and a Notepad page will pop up. Copy & paste those results in your next post.
* If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Ewido Results
  3. Antispyware.log
  4. WinPfind log
  5. Tq log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
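
Added example, not part of the original thread and not code from HijackThis or the other tools named in it: one way to compare two HijackThis logs, such as the before and after scans posted here, keyed on item code and target file so that a load point that returns under a new label is still recognised. The function names are hypothetical; the sample lines are excerpts of the two logs in this thread.

```python
import re

# One HijackThis item per line: "<code> - <description>", e.g. "O4 - HKLM\..\Run: ..."
_ITEM = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Full path (drive letter onward) up to the first executable-style extension.
_PATH = re.compile(r"[A-Za-z]:\\[^\[\]]*?\.(?:exe|dll|bat|vbs)", re.I)
# Bare file name, as in "AppInit_DLLs: repairs.dll".
_BARE = re.compile(r"[\w.-]+\.(?:exe|dll)\b", re.I)

# Excerpt of the first log in the thread (scan of 8/25/2005).
SCAN_BEFORE = r"""
O2 - BHO: SDWin32 Class - {4C721EB6-364C-42EB-9DDE-A14409A77B07} - C:\WINDOWS\system32\xiyfh.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [xiyfhc] C:\WINDOWS\system32\xiyfhc.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\flsmngr.dll
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\mbang.dll
"""

# Excerpt of the second log in the thread (scan of 8/26/2005).
SCAN_AFTER = r"""
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [3un41bsg] C:\WINDOWS\system32\3un41bsg.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mbang.dll
"""


def parse_hjt(text):
    """Return {(code, target_file): item_text} for each item that names a file.

    The target is lower-cased so "C:\\WINDOWS" and "c:\\windows" compare equal,
    and repeated lines (the LSP chain lists one DLL several times) collapse.
    """
    entries = {}
    for raw in text.splitlines():
        m = _ITEM.match(raw.strip())
        if not m:
            continue  # header, process list or blank line
        body = m.group("body")
        hit = _PATH.search(body) or _BARE.search(body)
        if hit:
            entries[(m.group("code"), hit.group(0).lower())] = body
    return entries


def diff_scans(before_text, after_text):
    """Classify load points across two scans of the same machine."""
    before, after = parse_hjt(before_text), parse_hjt(after_text)
    persisted = sorted(before.keys() & after.keys())
    return {
        # gone after the cleanup pass
        "removed": sorted(before.keys() - after.keys()),
        # appeared between scans: something is still installing components
        "added": sorted(after.keys() - before.keys()),
        # survived the cleanup pass
        "persisted": persisted,
        # same file, different label: the entry was rewritten between scans
        "relabelled": [k for k in persisted if before[k] != after[k]],
        # autoruns launching from a Temp directory
        "from_temp": sorted(k for k in after if "\\temp\\" in k[1]),
    }


if __name__ == "__main__":
    for bucket, keys in diff_scans(SCAN_BEFORE, SCAN_AFTER).items():
        print(bucket)
        for code, target in keys:
            print(f"  {code:<4} {target}")
```

On these excerpts the Winsock LSP entry for flsmngr.dll is gone, while mbang.dll is still registered under Winlogon Notify with its label changed from "App Management" to "Unimodem".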
 
#4 ·
Virus is still there.

Thanks for your help.
I have done exactly as above.
Well... I also get a message from Norton AntiVirus saying that it has detected the Backdoor.DSNX virus in C:/WINDOWS?TEMPu17.bat
DOMAIN NAME: WORKGROUP

Also these are the startup at the moment.
---------------------------------------------------------
ewido security suite - Startup report
---------------------------------------------------------

+ Created on: 8:57:11 AM, 8/26/2005
+ Report-Checksum: E98CBE01

Reg\HKLM\Run vidctrl C:\WINDOWS\system32\vidctrl\vidctrl.exe
Reg\HKLM\Run winsync C:\WINDOWS\system32\l4slkd.exe reg_run
Reg\HKLM\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Reg\HKLM\Run 3un41bsg C:\WINDOWS\system32\3un41bsg.exe
Reg\HKLM\Run stb C:\WINDOWS\system32\stb.exe
Reg\HKLM\Run ZStart c:\windows\system32\qpdxregv.exe DO0605
Reg\HKLM\Run SysStart C:\WINDOWS\system32\ssysrx2d.exe DO0605
Reg\HKCU\Run RecordNow!
Reg\HKCU\Run SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe
Shell\CommonStartup nprn.exe C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nprn.exe
Shell\CommonStartup Service Manager.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
Shell\UserStartup Zeno.lnk C:\Documents and Settings\sandeep\Start Menu\Programs\Startup\Zeno.lnk
Shell\UserStartup Zstart.lnk C:\Documents and Settings\sandeep\Start Menu\Programs\Startup\Zstart.lnk


Here is the fresh log from:
====================================================================
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

C:\PROGRA~1\Navnt\navapsvc.exe
C:\PROGRA~1\Navnt\npssvc.exe
C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Alert - Symantec Corporation - C:\PROGRA~1\Navnt\alertsvc.exe
O23 - Service: NAV Auto-Protect - Symantec Corporation - C:\PROGRA~1\Navnt\navapsvc.exe
O23 - Service: Norton Program Scheduler - Symantec Corporation - C:\PROGRA~1\Navnt\npssvc.exe

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 9:02:38 AM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\system32\3un41bsg.exe
C:\WINDOWS\system32\vidctrl\vidctrl.exe
c:\windows\system32\qpdxregv.exe
C:\WINDOWS\system32\ssysrx2d.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [3un41bsg] C:\WINDOWS\system32\3un41bsg.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [ZStart] c:\windows\system32\qpdxregv.exe DO0605
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\ssysrx2d.exe DO0605
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\ssysrx2d.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Microsoft AntiSpyware helper - {8FF5F54D-0589-455C-9F40-464A27BEA739} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8FF5F54D-0589-455C-9F40-464A27BEA739} - (no file) (HKCU)
O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.loksatta.com/daily/dynamic/wfplayer/tdserver.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {5F3B3060-09E0-44C6-86F7-BC7B02B57BEE} - http://downloads.shopathomeselect.com/cpi/grinstall_cpi1001.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123516343921
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {EE8B6D5F-FEF2-11D0-B13F-00A024798EF3} (Microsoft Search Settings Control) - http://lg.home.microsoft.com/search/lobby/searchsettings.cab
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\qlink32.dll
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mbang.dll
O23 - Service: ASP.NET Admin Service (aspnet_admin) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: COM+ Runtime Service (CORRTSvc) - Unknown owner - %WinDIR%\System32\svchost.exe (file missing)
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


End of KRC HijackThis Analyzer Log.
==========================================================


Here are the Ewido results
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:10:48 PM, 8/25/2005
+ Report-Checksum: 7D2F3BF0

C:\Program Files\BullsEye Network\bin\adv.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\adx.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\BullsEye Network\bin\bargains.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\Program Files\CashBack -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\ad.dat -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_auto_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_click_wider.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bb_welcome1.swf -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\cashback.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\cb.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\bin\flash.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\blank.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\icon.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\logo.gif -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\template2.html -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\ub.dat -> Spyware.CashBack : Cleaned with backup
C:\Program Files\CashBack\Uninstall.exe -> Spyware.CashBack : Cleaned with backup
C:\Program Files\Common Files\Java\flacpy.cfg -> Spyware.FlashEnhancer : Cleaned with backup
C:\Program Files\Common Files\system32.dll/Catcher.dll -> Spyware.Maxifiles : Error during cleaning
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\DNS\Catcher.dll -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\DNS\gui.exe -> TrojanDownloader.Agent.rv : Cleaned with backup
C:\Program Files\NaviSearch\bin\nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\abi.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ADVCTX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIPF1965.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIR21184.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\FINC5.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\INK1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMP3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\XTFL2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_MARKETING11.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\installer_VENDARE.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_MARKETING11.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\installer_VENDARE.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\extract.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\iexplore.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\invitessk.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\isrvs\isearch.xpi/chrome/isearch.jar/content/isearch/isearch.js -> Spyware.iSearch : Cleaned with backup
C:\WINDOWS\ivsbyd.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\ljbhdymd.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\88ac09g5.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\ca2.dll -> Spyware.SearchIt : Cleaned with backup
C:\WINDOWS\system32\Cache\Installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\ceidnd.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\ceidnf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\cxdxregt.exe -> Trojan.Zx.12 : Cleaned with backup
C:\WINDOWS\system32\dovxdec_0411.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\drivers\df_kmd.sys -> Trojan.Rootkit.Agent.af : Cleaned with backup
C:\WINDOWS\system32\dsktrf.dll -> Spyware.Beginto : Cleaned with backup
C:\WINDOWS\system32\dsktrf1.dll -> Spyware.Beginto : Cleaned with backup
C:\WINDOWS\system32\Ednqhm.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul3.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\iv41_qcx.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\jkzspz.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\knrr5ki7.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\lanbrup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\lppcx11n.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\nsbC.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsh16.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nss11.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\system32\nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\p88fk7jj.dll -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\pbwpq.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\qeiwawqk.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\qmfpud.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\qmfpuf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\qpdxregv.exe -> Trojan.Zx.12 : Cleaned with backup
C:\WINDOWS\system32\redtrsha.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\richedtr.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\richup.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\rtneg4.dll -> Spyware.Beginto : Cleaned with backup
C:\WINDOWS\system32\shlnt97.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\wexrag.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\system32\xiyfhc.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\xiyfhd.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\system32\xiyfhf.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\tct101.dll -> TrojanDownloader.Dyfuca.eg : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Error during cleaning
C:\WINDOWS\Temp\Cookies\sandeep@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@ads.addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@citi.bridgetrack[2].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@edge.ru4[1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@paypopup[2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@pro-market[1].txt -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\WINDOWS\Temp\Cookies\sandeep@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\WINDOWS\Temp\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8NOFA9QT\pcs_0026[1].exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\Temp\w181609.Stub.exe -> TrojanDownloader.Delmed.a : Cleaned with backup
C:\WINDOWS\Temp\zxinst12.exe -> Trojan.Zx.12 : Cleaned with backup
C:\WINDOWS\wdskctl.exe -> Spyware.ShopNav : Cleaned with backup
C:\WINDOWS\wupdt.exe -> Spyware.Imiserverieplugin : Cleaned with backup


::Report End
------------------------------------

#5 ·
------------------------------------------------

Here is Antispyware.log

Started Scanning
Internet Cookies
Found 'statcounter.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'ads.addynamix.com' in 'Internet Explorer Cache'
Found 'partypoker.com' in 'Internet Explorer Cache'
Found 'edge.ru4.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Found 'azjmp.com' in 'Internet Explorer Cache'
Found 'z1.adserver.com' in 'Internet Explorer Cache'
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'exitexchange.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'hits.clickandtrack.net' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'hypertracker.com' in 'Internet Explorer Cache'
Found 'pro-market.net' in 'Internet Explorer Cache'
Found 'perf.overture.com' in 'Internet Explorer Cache'
Found 'abetterinternet.com' in 'Internet Explorer Cache'
Found 'maxserving.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'cliks.org' in 'Internet Explorer Cache'
Found 'btg.btgrab.com' in 'Internet Explorer Cache'
Found 'trafficmp.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'offeroptimizer.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'partypoker.touchclarity.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\AppID\x2ff.DLL'
Found 'AppID' in 'SOFTWARE\Classes\AppID\x2ff.DLL'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\Classes\Common.Buttons'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found '' in 'SOFTWARE\Classes\TypeLib\{BA2462E1-33A1-481F-B8F6-2F0E2680B01A}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{BA2462E1-33A1-481F-B8F6-2F0E2680B01A}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{BA2462E1-33A1-481F-B8F6-2F0E2680B01A}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{BA2462E1-33A1-481F-B8F6-2F0E2680B01A}\1.0'
Found '' in 'SOFTWARE\Classes\FlashTalk.ClientInterface\CurVer'
Found '' in 'SOFTWARE\Classes\FlashTalk.ClientInterface\CLSID'
Found '' in 'SOFTWARE\Classes\FlashTalk.ClientInterface.1\CLSID'
Found '' in 'SOFTWARE\Classes\FlashTalk.ClientInterface.1'
Found '' in 'SOFTWARE\Classes\FlashTalk.ClientInterface'
Found '' in 'SOFTWARE\Classes\CLSID\{12F443D3-FE69-41D0-B383-BACB9F824E9F}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{12F443D3-FE69-41D0-B383-BACB9F824E9F}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{12F443D3-FE69-41D0-B383-BACB9F824E9F}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{12F443D3-FE69-41D0-B383-BACB9F824E9F}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{12F443D3-FE69-41D0-B383-BACB9F824E9F}'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}\1.0\0'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{1BD49631-AE36-42F4-A37B-CA7F53146821}'
Found '' in 'SOFTWARE\Classes\Interface\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{28168CCE-5310-4F12-AB58-9DA99A55AAEB}'
Found '' in 'SOFTWARE\SecureWin'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{FB45C451-B0E9-4407-BB6A-9361013F3E9A}\LocalServer32'
Found '' in 'SOFTWARE\motoin'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Found '' in 'SOFTWARE\WeirdOnTheWeb'
Found '' in 'CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}'
Found '' in 'SOFTWARE\Classes\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}'
Found '' in 'CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}'
Found '' in 'SOFTWARE\Classes\CLSID\{7149E79C-DC19-4C5E-A53C-A54DDF75EEE9}\Implemented Categories\{40FC6ED4-2438-11CF-A3DB-080036F12502}'
Internet URL Shortcuts
Found ' Free Spy Cam - Realtime.url' in 'C:\Documents and Settings\sandeep\Favorites\'
Found ' Free Hidden Cams World - Realtime.url' in 'C:\Documents and Settings\sandeep\Favorites\'
Found 'WeirdOnTheWeb.url' in 'C:\Documents and Settings\sandeep\Favorites\'
Files and Directories
Found 'AUNPS2.dll' in 'C:\!Submit'
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Checking for 'C:\!Submit\AUNPS2.dll' in shortcut areas.
Checking for 'C:\!Submit\AUNPS2.dll' in startup areas.
Cleaning 'C:\!Submit\AUNPS2.dll'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'pro-market.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'www.shopathomeselect.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'software\classes\VCCPGDATAACCESS.PgDataAccessCtrl.1'
Found '' in 'software\classes\VCCPGDATAACCESS.PgDataAccessCtrl.1\CLSID'
Found '' in 'SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1'
Found '' in 'SOFTWARE\Classes\VCCPGDATAACCESS.PgDataAccessCtrl.1\CLSID'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found 'UninstallString' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found 'DisplayName' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick'
Found '' in 'SOFTWARE\Classes\CLSID\{F3155057-4C2C-4078-8576-50486693FD49}\Implemented Categories'
Found '' in 'SOFTWARE\Classes\CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}\Implemented Categories'
Found 'Search Page' in 'Software\Microsoft\Internet Explorer\Main'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'
Found 'ZStart' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found 'SysStart' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Found '' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/html'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'CLSID' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/html'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'
Found '' in 'SOFTWARE\Mvu'
Found '' in 'VCCPGDATAACCESS.PgDataAccessCtrl.1'
Found '' in 'CLSID\{E2BF1BF3-1FDB-4C93-8874-0B09E71C594C}'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'CLSID\{F3155057-4C2C-4078-8576-50486693FD49}'
Found '' in 'ClientAX.ClientInstaller.1'
Found '' in 'SOFTWARE\Classes\ClientAX.ClientInstaller.1'
Internet URL Shortcuts
Found 'Funcade.lnk' in 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade\'
Found 'Funcade.lnk' in 'C:\Documents and Settings\sandeep\Desktop\'
Found 'Uninstall.lnk' in 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade\'
Files and Directories
Found 'II22.exe' in 'C:\Documents and Settings\Administrator\Local Settings\Temp'
Found 'dst_abi[1].exe' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67'
Found 'kill%20all%20spyware212345[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67'
Found 'kill%20evidence%203[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN'
Found 'virushunter31[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN'
Found 'internet%20popup%20blocker1[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EVV9WI5C'
Found 'poker112[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB'
Found 'usplat151[1].ico' in 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB'
Found '286.dfn' in 'C:\Documents and Settings\All Users\Application Data\nsv\cache'
Found 'wmv0104.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0106.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0204.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0315.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0412.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0504.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv0904.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1125.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1204.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1909.ddx' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv1920.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'wmv2007.dbd' in 'C:\Documents and Settings\All Users\Application Data\nsv'
Found 'X0FF.cfg' in 'C:\Documents and Settings\All Users\Application Data\X0FF'
Found 'x1ff.dll' in 'C:\Documents and Settings\All Users\Application Data\x1ff'
Found 'Desktop Toolbar' in 'C:\Documents and Settings\sandeep\Desktop'
Found '' in 'C:\Documents and Settings\sandeep\Favorites\Finances & Business'
Found '' in 'C:\Documents and Settings\sandeep\Favorites\Health & Insurance'
Found '' in 'C:\Documents and Settings\sandeep\Favorites\Homelife & Travel'
Found 'AppWrap[3].exe' in 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\ET30DKNE'
Found 'AppWrap[2].exe' in 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\Z9947HNZ'
Found '' in 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade'
Found 'BPT.exe' in 'C:\Program Files\Bpt'
Found 'RemoveDisplayUtility.exe' in 'C:\Program Files\Common Files\Uninstall Information'
Found '' in 'C:\Program Files\Funcade'
Found 'funcade.exe' in 'C:\Program Files\Funcade'
Found '' in 'C:\Program Files\joystick networks'
Found '' in 'C:\Program Files\NaviSearch'
Found 'ad.dat' in 'C:\Program Files\NaviSearch'
Found '' in 'C:\Program Files\NaviSearch\bin'
Found 'bb_welcome.html' in 'C:\temp'
Found 'bb_welcome1.swf' in 'C:\temp'
Found 'icon.gif' in 'C:\temp'
Found '' in 'C:\WINDOWS\inst'
Found '' in 'C:\WINDOWS\isrvs'
Found '' in 'C:\WINDOWS\isrvs\icons'
Found 'spywareavenger.ico' in 'C:\WINDOWS\isrvs\icons'
Found 'virushunter.ico' in 'C:\WINDOWS\isrvs\icons'
Found 'rgrt.exe' in 'C:\WINDOWS'
Found 'sysinfo.dat' in 'C:\WINDOWS'
Found 'desktrf[1].exe' in 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XYXFKWXY'
Found 'InstallerV2.exe' in 'C:\WINDOWS\system32'
Found 'License.txt' in 'C:\WINDOWS\system32\nsvsvc'
Found 'nsv.ocx' in 'C:\WINDOWS\system32\nsvsvc'
Found 'nsvs.dll' in 'C:\WINDOWS\system32\nsvsvc'
Found 'nsvsvc.exe' in 'C:\WINDOWS\system32\nsvsvc'
Finished Scanning
Started Backup
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Unable to create the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000 for restore. [SCANMODS] Error=5.
Finished Backup
Started Cleaning
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_WINTOOLSSVC\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'. Error=5.
[SCANMODS] WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_TBPSSVC\0000'. Error=5.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temp\II22.exe'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\dst_abi[1].exe' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\dst_abi[1].exe' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\dst_abi[1].exe'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\kill%20all%20spyware212345[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\kill%20all%20spyware212345[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\0LQJ4X67\kill%20all%20spyware212345[1].ico'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\kill%20evidence%203[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\kill%20evidence%203[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\kill%20evidence%203[1].ico'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\virushunter31[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\virushunter31[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\4LTQR0MN\virushunter31[1].ico'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EVV9WI5C\internet%20popup%20blocker1[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EVV9WI5C\internet%20popup%20blocker1[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\EVV9WI5C\internet%20popup%20blocker1[1].ico'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\poker112[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\poker112[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\poker112[1].ico'
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\usplat151[1].ico' in shortcut areas.
Checking for 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\usplat151[1].ico' in startup areas.
Cleaning 'C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\OHMZS1MB\usplat151[1].ico'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\cache\286.dfn' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\cache\286.dfn' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\cache\286.dfn'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0104.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0106.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0204.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0315.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0412.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0504.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv0904.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1125.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1204.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1909.ddx'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv1920.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\nsv\wmv2007.dbd'
Checking for 'C:\Documents and Settings\All Users\Application Data\X0FF\X0FF.cfg' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\X0FF\X0FF.cfg' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\X0FF\X0FF.cfg'
Checking for 'C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll' in shortcut areas.
Checking for 'C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll' in startup areas.
Cleaning 'C:\Documents and Settings\All Users\Application Data\x1ff\x1ff.dll'
Checking for 'C:\Documents and Settings\sandeep\Desktop\Desktop Toolbar' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Desktop\Desktop Toolbar' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Desktop\Desktop Toolbar'
Checking for 'C:\Documents and Settings\sandeep\Favorites\Finances & Business' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Favorites\Finances & Business' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Favorites\Finances & Business'
Checking for 'C:\Documents and Settings\sandeep\Favorites\Health & Insurance' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Favorites\Health & Insurance' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Favorites\Health & Insurance'
Checking for 'C:\Documents and Settings\sandeep\Favorites\Homelife & Travel' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Favorites\Homelife & Travel' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Favorites\Homelife & Travel'
Checking for 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\ET30DKNE\AppWrap[3].exe' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\ET30DKNE\AppWrap[3].exe' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\ET30DKNE\AppWrap[3].exe'
Checking for 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\Z9947HNZ\AppWrap[2].exe' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\Z9947HNZ\AppWrap[2].exe' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Local Settings\Temporary Internet Files\Content.IE5\Z9947HNZ\AppWrap[2].exe'
Checking for 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade' in shortcut areas.
Checking for 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade' in startup areas.
Cleaning 'C:\Documents and Settings\sandeep\Start Menu\Programs\Funcade'
Checking for 'C:\Program Files\Bpt\BPT.exe' in shortcut areas.
Checking for 'C:\Program Files\Bpt\BPT.exe' in startup areas.
Cleaning 'C:\Program Files\Bpt\BPT.exe'
Checking for 'C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe' in shortcut areas.
Checking for 'C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe' in startup areas.
Cleaning 'C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe'
Checking for 'C:\Program Files\Funcade' in shortcut areas.
Checking for 'C:\Program Files\Funcade' in startup areas.
Cleaning 'C:\Program Files\Funcade'
Checking for 'C:\Program Files\Funcade\funcade.exe' in shortcut areas.
Checking for 'C:\Program Files\Funcade\funcade.exe' in startup areas.
Cleaning 'C:\Program Files\Funcade\funcade.exe'
Checking for 'C:\Program Files\Funcade\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\Funcade\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\Funcade\uninstall.exe'
Checking for 'C:\Program Files\Funcade\funcade.exe' in shortcut areas.
Checking for 'C:\Program Files\Funcade\funcade.exe' in startup areas.
Cleaning 'C:\Program Files\Funcade\funcade.exe'
[SCANMODS] The file 'C:\Program Files\Funcade\funcade.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\joystick networks' in shortcut areas.
Checking for 'C:\Program Files\joystick networks' in startup areas.
Cleaning 'C:\Program Files\joystick networks'
Checking for 'C:\Program Files\NaviSearch' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch' in startup areas.
Cleaning 'C:\Program Files\NaviSearch'
Checking for 'C:\Program Files\NaviSearch\ad.dat' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch\ad.dat' in startup areas.
Cleaning 'C:\Program Files\NaviSearch\ad.dat'
Checking for 'C:\Program Files\NaviSearch\Uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch\Uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\NaviSearch\Uninstall.exe'
Checking for 'C:\Program Files\NaviSearch\ad.dat' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch\ad.dat' in startup areas.
Cleaning 'C:\Program Files\NaviSearch\ad.dat'
[SCANMODS] The file 'C:\Program Files\NaviSearch\ad.dat' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\NaviSearch\bin' in shortcut areas.
Checking for 'C:\Program Files\NaviSearch\bin' in startup areas.
Cleaning 'C:\Program Files\NaviSearch\bin'
[SCANMODS] The file 'C:\Program Files\NaviSearch\bin' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\temp\bb_welcome.html' in shortcut areas.
Checking for 'C:\temp\bb_welcome.html' in startup areas.
Cleaning 'C:\temp\bb_welcome.html'
Checking for 'C:\temp\bb_welcome1.swf' in shortcut areas.
Checking for 'C:\temp\bb_welcome1.swf' in startup areas.
Cleaning 'C:\temp\bb_welcome1.swf'
Checking for 'C:\temp\icon.gif' in shortcut areas.
Checking for 'C:\temp\icon.gif' in startup areas.
Cleaning 'C:\temp\icon.gif'
Checking for 'C:\WINDOWS\inst' in shortcut areas.
Checking for 'C:\WINDOWS\inst' in startup areas.
Cleaning 'C:\WINDOWS\inst'
Checking for 'C:\WINDOWS\inst\3p2.exe' in shortcut areas.
Checking for 'C:\WINDOWS\inst\3p2.exe' in startup areas.
Cleaning 'C:\WINDOWS\inst\3p2.exe'
Checking for 'C:\WINDOWS\isrvs' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs' in startup areas.
Cleaning 'C:\WINDOWS\isrvs'
Checking for 'C:\WINDOWS\isrvs\icons\hushware.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\hushware.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\hushware.ico'
Checking for 'C:\WINDOWS\isrvs\icons\popupblocker.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\popupblocker.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\popupblocker.ico'
Checking for 'C:\WINDOWS\isrvs\icons\spywareavenger.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\spywareavenger.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\spywareavenger.ico'
Checking for 'C:\WINDOWS\isrvs\icons\usaplatinum.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\usaplatinum.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\usaplatinum.ico'
Checking for 'C:\WINDOWS\isrvs\icons\virushunter.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\virushunter.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\virushunter.ico'
Checking for 'C:\WINDOWS\isrvs\icons' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons'
[SCANMODS] The file 'C:\WINDOWS\isrvs\icons' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\isrvs\icons\spywareavenger.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\spywareavenger.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\spywareavenger.ico'
[SCANMODS] The file 'C:\WINDOWS\isrvs\icons\spywareavenger.ico' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\isrvs\icons\virushunter.ico' in shortcut areas.
Checking for 'C:\WINDOWS\isrvs\icons\virushunter.ico' in startup areas.
Cleaning 'C:\WINDOWS\isrvs\icons\virushunter.ico'
[SCANMODS] The file 'C:\WINDOWS\isrvs\icons\virushunter.ico' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\rgrt.exe' in shortcut areas.
Checking for 'C:\WINDOWS\rgrt.exe' in startup areas.
Cleaning 'C:\WINDOWS\rgrt.exe'
Checking for 'C:\WINDOWS\sysinfo.dat' in shortcut areas.
Checking for 'C:\WINDOWS\sysinfo.dat' in startup areas.
Cleaning 'C:\WINDOWS\sysinfo.dat'
Checking for 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XYXFKWXY\desktrf[1].exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XYXFKWXY\desktrf[1].exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\XYXFKWXY\desktrf[1].exe'
Checking for 'C:\WINDOWS\system32\InstallerV2.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\InstallerV2.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\InstallerV2.exe'
Checking for 'C:\WINDOWS\system32\nsvsvc\License.txt' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nsvsvc\License.txt' in startup areas.
Cleaning 'C:\WINDOWS\system32\nsvsvc\License.txt'
Checking for 'C:\WINDOWS\system32\nsvsvc\nsv.ocx' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nsvsvc\nsv.ocx' in startup areas.
Cleaning 'C:\WINDOWS\system32\nsvsvc\nsv.ocx'
Checking for 'C:\WINDOWS\system32\nsvsvc\nsvs.dll' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nsvsvc\nsvs.dll' in startup areas.
Cleaning 'C:\WINDOWS\system32\nsvsvc\nsvs.dll'
Checking for 'C:\WINDOWS\system32\nsvsvc\nsvsvc.exe' in shortcut areas.
Checking for 'C:\WINDOWS\system32\nsvsvc\nsvsvc.exe' in startup areas.
Cleaning 'C:\WINDOWS\system32\nsvsvc\nsvsvc.exe'
Finished Cleaning

------------------------------------------------------------

Here is the WinPFind log:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
web-nex 8/24/2005 8:05:14 PM 1074 C:\WINDOWS\IE4 Error Log.txt
SAHAgent 7/21/2005 3:13:32 PM 52224 C:\WINDOWS\ivripcdh.exe
web-nex 8/15/2005 1:34:38 PM 4078 C:\WINDOWS\jhmja.dll
PECompact2 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\lpt$vpn.797
qoologic 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\lpt$vpn.797
SAHAgent 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\lpt$vpn.797
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\VPTNFILE.797
qoologic 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\VPTNFILE.797
SAHAgent 8/23/2005 1:13:02 PM 15666129 C:\WINDOWS\VPTNFILE.797
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
SAHAgent 8/25/2005 3:41:18 PM 2907 C:\WINDOWS\SYSTEM32\88ac09g5.ini
SAHAgent 7/29/2005 10:53:54 AM 55 C:\WINDOWS\SYSTEM32\a02rs7h4.ini
PEC2 3/18/2003 11:05:48 PM 2052096 C:\WINDOWS\SYSTEM32\atl71.pdb
69.59.186.63 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/17/2005 1:56:10 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
SAHAgent 7/27/2005 11:33:50 AM 35 C:\WINDOWS\SYSTEM32\db3iin94.ini
PEC2 3/30/2003 10:00:00 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 7/22/2005 9:03:00 PM 55 C:\WINDOWS\SYSTEM32\e16aihua.ini
SAHAgent 7/12/2005 8:39:22 PM 55 C:\WINDOWS\SYSTEM32\e6cv46tl.ini
SAHAgent 7/19/2005 3:02:26 PM 35 C:\WINDOWS\SYSTEM32\h8urm58u.ini
SAHAgent 7/12/2005 9:13:36 AM 35 C:\WINDOWS\SYSTEM32\ha4ggm2k.ini
SAHAgent 8/25/2005 8:29:20 AM 35 C:\WINDOWS\SYSTEM32\ivripcdh.ini
UPX! 5/8/2005 10:02:42 AM 3072 C:\WINDOWS\SYSTEM32\jwdxsfhl.exe
SAHAgent 8/25/2005 8:29:20 AM 35 C:\WINDOWS\SYSTEM32\knrr5ki7.ini
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PEC2 2/27/2004 1:00:00 AM 8392704 C:\WINDOWS\SYSTEM32\MFC42.PDB
PEC2 2/27/2004 1:00:00 AM 4280320 C:\WINDOWS\SYSTEM32\MFC42D.PDB
PEC2 2/27/2004 1:00:00 AM 8351744 C:\WINDOWS\SYSTEM32\MFC42U.PDB
PEC2 2/27/2004 1:00:00 AM 4280320 C:\WINDOWS\SYSTEM32\MFC42UD.PDB
PEC2 3/19/2003 1:20:00 AM 10357760 C:\WINDOWS\SYSTEM32\mfc71.pdb
PEC2 3/19/2003 12:28:40 AM 8252416 C:\WINDOWS\SYSTEM32\MFC71d.pdb
PEC2 3/19/2003 1:12:12 AM 10333184 C:\WINDOWS\SYSTEM32\mfc71u.pdb
PEC2 3/19/2003 12:31:58 AM 8293376 C:\WINDOWS\SYSTEM32\mfc71ud.pdb
PEC2 2/27/2004 1:00:00 AM 2379776 C:\WINDOWS\SYSTEM32\MFCD42D.PDB
PEC2 2/27/2004 1:00:00 AM 2396160 C:\WINDOWS\SYSTEM32\MFCD42UD.PDB
PEC2 2/27/2004 1:00:00 AM 1781760 C:\WINDOWS\SYSTEM32\MFCN42D.PDB
PEC2 2/27/2004 1:00:00 AM 1789952 C:\WINDOWS\SYSTEM32\MFCN42UD.PDB
PEC2 2/27/2004 1:00:00 AM 4722688 C:\WINDOWS\SYSTEM32\MFCO42D.PDB
PEC2 2/27/2004 1:00:00 AM 4763648 C:\WINDOWS\SYSTEM32\MFCO42UD.PDB
SAHAgent 7/26/2005 3:53:56 PM 35 C:\WINDOWS\SYSTEM32\mmdf7k0h.ini
SAHAgent 7/21/2005 10:47:50 AM 35 C:\WINDOWS\SYSTEM32\mo19oa67.ini
PECompact2 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
SAHAgent 7/22/2005 9:02:32 PM 55 C:\WINDOWS\SYSTEM32\sjot0dph.ini
SAHAgent 7/18/2005 8:18:38 AM 35 C:\WINDOWS\SYSTEM32\vgt9u08q.ini
SAHAgent 7/23/2005 1:35:22 PM 35 C:\WINDOWS\SYSTEM32\vpo77ei9.ini
winsync 3/30/2003 10:00:00 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
69.59.186.63 8/25/2005 4:19:10 PM 10240 C:\WINDOWS\SYSTEM32\__delete_on_reboot__joejd.dll
209.66.67.134 8/25/2005 4:19:10 PM 10240 C:\WINDOWS\SYSTEM32\__delete_on_reboot__joejd.dll
web-nex 8/25/2005 4:19:10 PM 10240 C:\WINDOWS\SYSTEM32\__delete_on_reboot__joejd.dll
winsync 8/25/2005 4:19:10 PM 10240 C:\WINDOWS\SYSTEM32\__delete_on_reboot__joejd.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/25/2005 5:05:00 PM S 2048 C:\WINDOWS\bootstat.dat
8/8/2005 11:53:14 AM H 0 C:\WINDOWS\inf\oem40.inf
8/8/2005 12:02:36 PM H 0 C:\WINDOWS\inf\oem41.inf
8/23/2005 10:37:30 AM R S 417792 C:\WINDOWS\system32\mbang.dll
8/25/2005 5:05:20 PM R S 417792 C:\WINDOWS\system32\mxc70u.dll
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
6/30/2005 9:06:34 AM S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
6/30/2005 1:42:18 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
6/30/2005 2:21:10 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
6/30/2005 8:46:18 AM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
6/28/2005 7:12:56 PM S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
8/25/2005 7:06:48 PM H 45056 C:\WINDOWS\system32\config\default.LOG
8/25/2005 5:05:14 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/25/2005 5:05:02 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8/25/2005 7:06:48 PM H 933888 C:\WINDOWS\system32\config\software.LOG
8/25/2005 7:06:50 PM H 1126400 C:\WINDOWS\system32\config\system.LOG
8/14/2005 10:25:18 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
6/30/2005 9:37:12 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\2d334e3b-0392-4834-ace0-bc85262f55a8
6/30/2005 9:37:12 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred
8/2/2005 7:16:02 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\92cb3450-20ee-46ef-823b-394c0e3627a1
8/2/2005 7:16:02 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/25/2005 5:03:10 PM H 6 C:\WINDOWS\Tasks\SA.DAT
8/2/2005 2:41:28 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/25/2005 9:53:12 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\8NOFA9QT\desktop.ini
8/23/2005 7:16:20 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\A9C36LE5\desktop.ini
8/23/2005 7:16:26 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\C9OFCV8V\desktop.ini
8/23/2005 7:16:28 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CH4PARK1\desktop.ini
8/25/2005 9:53:14 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\I7WHAPSP\desktop.ini
8/23/2005 7:16:28 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\MN2NQXUJ\desktop.ini
8/25/2005 9:53:12 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\SBCPI34X\desktop.ini
8/25/2005 9:53:10 AM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\U1A1EBQZ\desktop.ini

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 5/7/2004 1:05:42 AM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Iridian Technologies, Inc. 12/12/2002 11:39:24 AM 176128 C:\WINDOWS\SYSTEM32\privateID.cpl
Apple Computer, Inc. 12/14/2003 12:20:50 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Symantec Corporation 8/18/1999 5:22:20 PM 143360 C:\WINDOWS\SYSTEM32\s32lucp1.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\dllcache\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\dllcache\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\dllcache\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\dllcache\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155648 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 3/30/2003 10:00:00 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\dllcache\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
7/15/2003 3:56:18 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
9/3/2004 11:28:40 PM 902 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
7/15/2003 8:46:26 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/7/2004 1:43:08 AM 237 C:\Documents and Settings\All Users\Application Data\hpzinstall.log

Checking files in %USERPROFILE%\Startup folder...
7/15/2003 3:56:18 PM HS 84 C:\Documents and Settings\sandeep\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
7/15/2003 8:46:26 AM HS 62 C:\Documents and Settings\sandeep\Application Data\desktop.ini
8/25/2005 3:31:26 PM 446871 C:\Documents and Settings\sandeep\Application Data\Sskknwrd.dll
2/16/2005 8:34:08 PM 67 C:\Documents and Settings\sandeep\Application Data\sversion.ini

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{B137E4B6-C98C-49D4-BD22-3926AE1F8C39} = C:\WINDOWS\system32\iv41_qcx.dll
{9B9CCA39-BDA6-4799-A170-C18A9D2B162E} = C:\WINDOWS\system32\mxc70u.dll

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ftmfgkmm
{ba72adda-cc2f-4e0e-8544-d1ad055692ec} = C:\WINDOWS\system32\joejd.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\NavNT
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Navnt\navshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TortoiseSVN
{C0351349-7B7D-4fcc-81B4-1E394CA267EB} = C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NavNT
{067DF822-EAB6-11cf-B56E-00A0244D5087} = C:\Program Files\Navnt\navshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu
{e3f2bac0-099f-11cf-8daa-00aa004a5691} = nwprovau.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TortoiseSVN
{C0351349-7B7D-4fcc-81B4-1E394CA267EB} = C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TortoiseSVN
{C0351349-7B7D-4fcc-81B4-1E394CA267EB} = C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87} = C:\Program Files\Network Associates\VirusScan\shext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{C0351349-7B7D-4fcc-81B4-1E394CA267EB}
= C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\system32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\system32\msjava.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RecordNow!
SurfSideKick 3 C:\Program Files\SurfSideKick 3\Ssk.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoCDBurning 0


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
usscaumgi.exe C:\WINDOWS\system\usscaumgi.exe
wmeace C:\WINDOWS\system32\wmeace.exe
attlwa C:\WINDOWS\system32\attlwa.exe
disdpa C:\WINDOWS\system32\disdpa.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SideBySide
= C:\WINDOWS\system32\mbang.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs repairs.dll


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/25/2005 7:26:07 PM

-------------------------------------------------------------------------------


here is TG log

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"winsync"="C:\\WINDOWS\\system32\\l4slkd.exe reg_run"
"SurfSideKick 3"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- ftmfgkmm
{ba72adda-cc2f-4e0e-8544-d1ad055692ec}
C:\WINDOWS\system32\joejd.dll

Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- NavNT
{067DF822-EAB6-11cf-B56E-00A0244D5087}
C:\Program Files\Navnt\navshell.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- TortoiseSVN
{C0351349-7B7D-4fcc-81B4-1E394CA267EB}
C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

Subkey --- VirusScan
{cda2863e-2497-4c49-9b89-06840e070a87}
C:\Program Files\Network Associates\VirusScan\shext.dll

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {C0351349-7B7D-4fcc-81B4-1E394CA267EB}
C:\Program Files\TortoiseSVN\bin\tortoisesvn.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

desktop.ini
nprn.exe
Service Manager.lnk
==============================
C:\Documents and Settings\sandeep\Start Menu\Programs\Startup

desktop.ini
nprn.exe
Service Manager.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files


access.cpl
appwiz.cpl
bthprops.cpl
desk.cpl
firewall.cpl
hdwwiz.cpl
inetcpl.cpl
intl.cpl
irprops.cpl
joy.cpl
jpicpl32.cpl
main.cpl
mmsys.cpl
ncpa.cpl
netsetup.cpl
nusrmgr.cpl
nwc.cpl
odbccp32.cpl
powercfg.cpl
privateID.cpl
QuickTime.cpl
s32lucp1.cpl
sysdm.cpl
telephon.cpl
timedate.cpl
wscui.cpl
wuaucpl.cpl


---------------------------------------------------



Well, there was no problem while scanning, but ewido couldn't delete a few infected files.
What should I do next?

Thanks
 
#6 · (Edited)
Due to the extent of the infection, you will need to follow these instructions carefully. Take your time.

I recommend you print or copy the following to Wordpad or Notepad so that you can follow them. You will be required to cut and paste, etc., and work offline and in Safe Mode, so Wordpad/Notepad would be the better option.

When you have downloaded the below - Disconnect from the internet!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

I have attached a file to this post - regdel.txt
Download it & rename it "regdel.REG" (inclusive of the quotes)
Make sure you do not mistakenly rename it as regdel.reg.txt (double extensions)
Double-click on it & answer YES when prompted to merge into the Registry

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Please download CleanUp! (Alternate Link if main link doesn't work - http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Update the database of Ewido but do not run it yet.

Download L2MFix - Double click L2mfix.exe & answer Yes when prompted. Then click the Install button to extract the files to a newly created folder named - L2mfix

Disconnect from the internet, now.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file - Choose YES when it informs you the file will be deleted on Reboot. Choose NO when it asks if you want to reboot):

C:\WINDOWS\ivripcdh.exe
C:\WINDOWS\jhmja.dll
C:\WINDOWS\SYSTEM32\88ac09g5.ini
C:\WINDOWS\SYSTEM32\a02rs7h4.ini
C:\WINDOWS\SYSTEM32\datadx.dll
C:\WINDOWS\SYSTEM32\db3iin94.ini
C:\WINDOWS\SYSTEM32\e6cv46tl.ini
C:\WINDOWS\SYSTEM32\h8urm58u.ini
C:\WINDOWS\SYSTEM32\ha4ggm2k.ini
C:\WINDOWS\SYSTEM32\ivripcdh.ini
C:\WINDOWS\SYSTEM32\jwdxsfhl.exe
C:\WINDOWS\SYSTEM32\knrr5ki7.ini
C:\WINDOWS\SYSTEM32\mmdf7k0h.ini
C:\WINDOWS\SYSTEM32\mo19oa67.ini
C:\WINDOWS\SYSTEM32\sjot0dph.ini
C:\WINDOWS\SYSTEM32\vgt9u08q.ini
C:\WINDOWS\SYSTEM32\vpo77ei9.ini
C:\WINDOWS\SYSTEM32\__delete_on_reboot__joejd.dll
C:\WINDOWS\bootstat.dat
C:\WINDOWS\system32\mxc70u.dll
C:\WINDOWS\SYSTEM32\privateID.cpl
C:\Documents and Settings\sandeep\Application Data\Sskknwrd.dll
C:\WINDOWS\system32\iv41_qcx.dll
C:\WINDOWS\system32\mxc70u.dll
C:\WINDOWS\system32\joejd.dll
C:\WINDOWS\system\usscaumgi.exe
C:\WINDOWS\system32\wmeace.exe
C:\WINDOWS\system32\attlwa.exe
C:\WINDOWS\system32\disdpa.exe
C:\WINDOWS\system32\mbang.dll
C:\WINDOWS\system32\l4slkd.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nprn.exe
C:\Documents and Settings\sandeep\Start Menu\Programs\Startup\nprn.exe


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Go into Add/Remove and uninstall, if found:

SurfSideKick 3
SideBySide


Delete the following folder:

C:\Program Files\SurfSideKick 3\


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
* Click "Options..."
* Move the arrow down to "Custom CleanUp!"
* Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO SAFE MODE
  1. Restart the computer. The computer begins processing a set of instructions known as BIOS.
  2. As soon as the BIOS has finished loading, begin tapping the F8 key on your keyboard.
  3. Continue to do so until the 'Windows Advanced Options' menu appears.
  4. Using the arrow keys on the keyboard, scroll to and select the menu item - Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run Ewido:
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
  • With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click OK
  • Once finished, click the Save report button
  • Save the report to your desktop
Close Ewido
* Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Run a scan with HiJackThis & select (tick) the following & click [Fix checked]:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O3 - Toolbar: COMMUNICATOR - {4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} - C:\WINDOWS\system32\communicator.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [3un41bsg] C:\WINDOWS\system32\3un41bsg.exe
O4 - HKLM\..\Run: [stb] C:\WINDOWS\system32\stb.exe
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [ZStart] c:\windows\system32\qpdxregv.exe DO0605
O4 - HKLM\..\Run: [SysStart] C:\WINDOWS\system32\ssysrx2d.exe DO0605
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\ssysrx2d.exe
O4 - Startup: Zstart.lnk = C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe
O18 - Filter: text/html - {DFAA31C8-A356-4313-9D95-5EDAB46C5070} - C:\WINDOWS\system32\qlink32.dll
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mbang.dll



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Locate and delete the following file(s), if present:
  • C:\WINDOWS\system32\communicator.dll
  • C:\WINDOWS\system32\qlink32.dll
  • C:\WINDOWS\system32\l4slkd.exe
  • C:\WINDOWS\system32\3un41bsg.exe
  • C:\WINDOWS\system32\stb.exe
  • c:\windows\system32\qpdxregv.exe
  • C:\WINDOWS\system32\ssysrx2d.exe
  • C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe
Locate and delete the following folder(s), if present:
  • C:\WINDOWS\system32\vidctrl\
Search for & delete ... using Start > Search... the following file(s), if present:
  • repairs.dll


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

Close all open programs
Double click L2mfix.bat
Select option #2 - Run Fix - by typing 2
Press any key to reboot your computer.
After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, you will be presented with a log. Copy the contents of that log and paste it here, along with a new HJT log.

Please Do NOT run any other files in the l2mfix folder until you are told to

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

REBOOT TO NORMAL MODE

Do an online scan at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =

In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. New Ewido Results
  4. Log from L2mfix.bat
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
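
A consistency check for a removal plan like the one in post #6, added here as an example and not part of the original thread or of any tool it mentions: it parses HijackThis "Fix checked" lines, extracts the file each persistence entry points at, and reports any target that no file, folder or search-and-delete item covers. The entries and paths are a subset copied from the post; the function names and the section-to-mechanism labels are this example's own.

```python
import ntpath
import re

# Subset of the "Fix checked" entries from post #6.
FIX_CHECKED = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: LinkTracker Class - {8B6DA27E-7F64-4694-8F8F-DC87AB8C6B22} - C:\WINDOWS\system32\qlink32.dll
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\l4slkd.exe reg_run
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [ZStart] c:\windows\system32\qpdxregv.exe DO0605
O4 - Startup: Zstart.lnk = C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe
O20 - AppInit_DLLs: repairs.dll
O20 - Winlogon Notify: Unimodem - C:\WINDOWS\system32\mbang.dll
""".strip().splitlines()

# Deletion targets from the same post (KillBox list, "Locate and delete", Start > Search).
DELETE_FILES = [
    r"C:\WINDOWS\system32\qlink32.dll",
    r"C:\WINDOWS\system32\l4slkd.exe",
    r"c:\windows\system32\qpdxregv.exe",
    r"C:\Documents and Settings\sandeep\Local Settings\Temp\zxinst12.exe",
    r"C:\WINDOWS\system32\mbang.dll",
]
DELETE_FOLDERS = [r"C:\Program Files\SurfSideKick 3", r"C:\WINDOWS\system32\vidctrl"]
SEARCH_NAMES = ["repairs.dll"]

# HijackThis section codes seen in this log and the mechanism each one reports.
MECHANISM = {
    "R1": "IE search/start page",
    "R3": "URL search hook",
    "O2": "Browser Helper Object",
    "O4": "autorun (Run key / Startup folder)",
    "O20": "AppInit_DLLs / Winlogon Notify",
}

# Absolute path up to the first .exe/.dll (paths may contain spaces, and
# Run entries may carry arguments after the executable).
ABS_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll)\b", re.I)
# Bare file name at end of line, e.g. the AppInit_DLLs value.
BARE_NAME = re.compile(r"([\w.-]+\.(?:exe|dll))\s*$", re.I)


def parse_entry(line):
    """Return (section code, mechanism, on-disk target or None)."""
    code, _, rest = line.partition(" - ")
    code = code.strip()
    m = ABS_PATH.search(rest) or BARE_NAME.search(rest)
    target = m.group(0).strip() if m else None
    return code, MECHANISM.get(code, "other"), target


def is_covered(target, files, folders, names):
    """True if a deletion step removes the target (case-insensitive)."""
    t = ntpath.normcase(target)
    if ntpath.basename(t) in {n.lower() for n in names}:
        return True
    if t in {ntpath.normcase(f) for f in files}:
        return True
    return any(t.startswith(ntpath.normcase(d).rstrip("\\") + "\\") for d in folders)


def uncovered(lines, files, folders, names):
    """Entries whose registry reference is fixed but whose file would survive."""
    gaps = []
    for line in lines:
        code, mech, target = parse_entry(line)
        if target and not is_covered(target, files, folders, names):
            gaps.append((code, mech, target))
    return gaps


if __name__ == "__main__":
    for gap in uncovered(FIX_CHECKED, DELETE_FILES, DELETE_FOLDERS, SEARCH_NAMES):
        print("file left on disk:", gap)
```
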
 