Old 07-28-2006, 04:00 PM   #1 (permalink)
betty123, Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


lots of problems

Trying to load Norton AntiVirus. Loaded from CD but takes too long to update from web.

Logfile of HijackThis v1.99.1
Scan saved at 4:13:06 PM, on 7/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\ALCMTR.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\system32\prdsregs.exe
C:\WINDOWS\system32\rwinsqez.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\v1201.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\NORTON~2\navw32.exe
C:\WINDOWS\system32\dumprep.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mfxbo.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xaffalp.exe
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [defender] C:\\dfndrd_5.exe
O4 - HKLM\..\Run: [newname] C:\\nwnmd_5.exe
O4 - HKLM\..\Run: [{4D-DE-E6-6D-ZN}] C:\windows\system32\prdsregs.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinsqez.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [rvn896b6] RUNDLL32.EXE w07ae388.dll,n 001896b50000000307ae388
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinsqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysavsht.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97B9D9A-A22C-4BB6-A32D-FA641510A0A4}: NameServer = 208.54.220.20 209.142.136.85
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\m8ls0i37e8.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
Old 07-29-2006, 10:14 AM   #2 (permalink)
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Hello and Welcome. Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

This is pretty messy, and will likely take a few rounds to clean up.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Download Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT Ewido anti-spyware. Do Not run a scan just yet, we will shortly.

Download and install CleanUp!
NOTE: CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, make a backup of these before running CleanUp!. Do NOT run this program if you have XP Professional 64 bit edition. If you're unsure please do not run it! If you don't already know, you're probably not using XP64, but you can download & run this tool to find out for sure.....http://www.kellys-korner-xp.com/regs...p_whichcpu.exe

---------------------------------------------------------------------------------------------

Please disable Microsoft AntiSpyware, as it may hinder the removal of some entries. You can re-enable it after you're clean.
  • Right click the Microsoft AntiSpyware icon located in the system tray
  • Click on Security Agents Status (Enabled)
  • Click on Disable Real-time Protection

---------------------------------------------------------------------------------------------
  1. Download- bfu.zip
  2. Extract the file to its own folder, such as C:\BFU
  3. Checkmark the following boxes:
    • Use settings specified in script for the above option
    • Show log after script ends
  4. Click the Web button located on the top right corner
  5. Copy/Paste this url into the address bar of the Download script window:
    http://metallica.geekstogo.com/alcanshorty.bfu
  6. Execute the script by clicking the Execute button.
  7. When it finishes running, click the Save button for a copy of the log
  8. Post the log created by the script when you have completed the fix



---------------------------------------------------------------------------------------------
  1. Download combofix from one of these locations:
  2. Double click on combofix.exe & follow the prompts.
  3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


---------------------------------------------------------------------------------------------

Download LSPFix as we may need it later.

---------------------------------------------------------------------------------------------

Click Start->Run - type SERVICES.MSC & then click on the OK button
  • Locate the service - XP-SP2 FW
  • Double-click on it to open the Properties dialog.
  • Under the General tab:
  • Stop the service by using the Stop button.
  • Change the Startup type to Disabled & then click on the OK button
    Then start HiJackThis & go to Config>Misc.Tools...> Delete an NT service...
  • In the popup box that appears, copy/paste XP-P2FWD Click on the OK button

---------------------------------------------------------------------------------------------


Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Login on your usual account. Make sure to close any open browsers.

---------------------------------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist (Do not reboot if requested at this time):

WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below.
NewDotNet or New.Net domains
ToolBar888
QuickLinks

---------------------------------------------------------------------------------------------


Run a scan in HijackThis. Check each of the following and hit 'Fix checked' if they still exist (make sure not to miss any):


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TY...rio&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20065&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20065&k=
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Yvakt Class - {AE0ECC2F-0C33-494C-8B22-B57A7763027F} - C:\WINDOWS\system32\x3cqp0.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [{4D-DE-E6-6D-ZN}] C:\windows\system32\prdsregs.exe GID003
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\system32\rwinsqez.exe GID003
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [Hhl7RfpJ] "C:\WINDOWS\system32\ssn6tuu.exe"
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [rvn896b6] RUNDLL32.EXE w07ae388.dll,n 001896b50000000307ae388
O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\rwinsqez.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.media-motor.net/cabs/joysavsht.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - {DA28E0DB-229C-4003-827E-96AE15AD90FB} - C:\WINDOWS\system32\x3cqp0.dll



While running Hijackthis, verify if these entries still exist:

O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net
O10 - Hijacked Internet access by New.Net


If they exist, we would be required to run LSPFix.exe

Instructions for using LSPFix
  1. Double click on LSPFix.exe to run it.
  2. Once running, you will be required to tick the disclaimer - "I know what I'm doing".
  3. You'll find a window with 2 panes.
    In the left pane which is labeled 'Keep', select all instances of:
    • newdotnet~2
  4. Then click on the arrow pointing to the right, >>.
    This will move the entry to the right pane labeled 'Remove'
  5. Click the Finish button to complete the fix.
Only entries similar to newdotnet need to be removed. If you see any other entries in the right pane, move them back to the "Keep" pane & post the filenames to inform me.


---------------------------------------------------------------------------------------------

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Also make sure there is no checkmark beside Hide file extensions for known file types
* Click Yes to confirm and then click OK.

---------------------------------------------------------------------------------------------


Delete the following if they exist:

C:\WINDOWS\system32\ssec.exe
C:\WINDOWS\system32\tfthot.exe
C:\WINDOWS\system32\nr1rnqm8.exe
C:\WINDOWS\system32\x3cqp0.dll
C:\windows\system32\prdsregs.exe
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\ssn6tuu.exe
C:\WINDOWS\system32\x3cqp0.dll
C:\WINDOWS\system32\rwinsqez.exe
C:\WINDOWS\system32\dwdsregt.exe
C:\WINDOWS\v1201.exe
C:\WINDOWS\algm.exe
C:\Program Files\AWS
C:\Program Files\NewDotNet
C:\Program Files\ToolBar888
w07ae388.dll<<<find via Start>Search


---------------------------------------------------------------------------------------------


Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files (if present)
  • Cleanup! All Users
  • Click on the Temporary Files tab and uncheck the box for Scan drives for files matching if it’s checked.
Click OK
Press the CleanUp! button to start the program. Do NOT Reboot/logoff when prompted.
* CleanUp! will not create any backups!!

---------------------------------------------------------------------------------------------

Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).

---------------------------------------------------------------------------------------------

Restart in normal mode.

---------------------------------------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

Click on the "Free To Use ActiveScan" located on the top right hand corner
  1. Click Check Now and a "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  2. Enter your e-mail address, country, and state & click Scan Now * The download of the 8 MB Panda's ActiveX control will take place *
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on See report then click Save report
*Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

Run a new HijackThis scan. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with logs from:

Ewido
Panda
HJT
combofix
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
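
Added example, not part of the original thread and not code from HijackThis or from the analyst: a small Python parser for the log format posted in #1 that flags four patterns visible in that log (orphaned entries, O10 LSP entries, autostarts launched from a temp directory, and extra programs appended to Shell/UserInit). The flag names and heuristics are assumptions of this example, not the analyst's method; the sample lines are copied from the log above.

```python
import re
from collections import Counter, namedtuple

# Sample input: a subset of lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\svchost.exe
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\mfxbo.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,xaffalp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O10 - Hijacked Internet access by New.Net
O23 - Service: Windows XP-SP2 FW (XP-P2FWD) - Unknown owner - C:\WINDOWS\algm.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

Entry = namedtuple("Entry", "section detail flags")

# HijackThis entries look like "<section code> - <detail>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Winlogon values reported under F2; anything after the first comma is an extra program.
LOGON_RE = re.compile(r"(?:shell|userinit)=(.*)$")


def flags_for(section, detail):
    """Return this example's heuristic flags for one entry (assumed names)."""
    low = detail.lower()
    flags = []
    # HijackThis itself marks entries whose target file is gone.
    if "(no file)" in low or "(file missing)" in low:
        flags.append("orphaned")
    # O10 is the Winsock LSP section; the thread repairs it with LSPFix.
    if section == "O10":
        flags.append("lsp")
    # Autostart entries that launch from a temp or browser-cache directory.
    if section == "O4" and ("\\temp\\" in low or "temporary internet files" in low):
        flags.append("temp-autostart")
    # Shell/UserInit normally name one program; extra items run at every logon.
    if section == "F2":
        m = LOGON_RE.search(low)
        if m and any(p.strip() for p in m.group(1).split(",")[1:]):
            flags.append("logon-chain")
    return flags


def parse_log(text):
    """Parse entry lines; header and 'Running processes' lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            section, detail = m.groups()
            entries.append(Entry(section, detail, flags_for(section, detail)))
    return entries


def triage(text):
    """Return only the entries that carry at least one flag."""
    return [e for e in parse_log(text) if e.flags]


def flag_counts(text):
    """Count how many entries carry each flag."""
    return Counter(f for e in parse_log(text) for f in e.flags)


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.flags):<16}{e.detail[:70]}")
```

An unflagged entry is not thereby known to be clean: several entries in the analyst's fix list, such as the randomly named executables under system32, match none of these four patterns.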
Old 07-29-2006, 08:25 PM   #3 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


okay, ran required scans - here is what they said

Ewido
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:19:32 PM 7/29/2006

+ Scan result:



C:\WINDOWS\SeekmoInstaller.exe/clientax.dll -> Adware.180Solutions : Cleaned with backup (quarantined).
C:\WINDOWS\icont.exe -> Adware.AdURL : Cleaned with backup (quarantined).
C:\Program Files\EngageSidebar\EffBar.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Ldresb\Ldresb.exe -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Shlesb.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\stub_sca3.exe -> Adware.BookedSpace : Cleaned with backup (quarantined).
C:\WINDOWS\system32\rvn896b6.dll -> Adware.IEHelper : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\WINDOWS\system32ftuninst.exe -> Adware.Linkmaker : Cleaned with backup (quarantined).
C:\NNuninstall.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\0041AD7C-36E2-49D8-9954-E5EE73 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\4F341F4F-399C-4C86-A493-FA0185 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\696A6BA1-666E-4A33-BF47-649455 -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\1CA103F2-F148-4273-9BA6-DBAD11\AAF4A96F-AD67-4B37-99BE-46F55B -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\48BB31E2-F918-4980-AAD7-BDA560\CE4CEBAE-B7DB-412A-9003-C2C22A -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
[488] C:\Program Files\NewDotNet\newdotnet7_22.dll -> Adware.NewDotNet : Error during cleaning.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\70tovmto -> Adware.SAHA : Cleaned with backup (quarantined).
C:\WINDOWS\system32\70tovmto.ini -> Adware.Sahat : Cleaned with backup (quarantined).
C:\WINDOWS\system32tfthot.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gbe90qs.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Program Files\Common Files\mzko\mzkod\mzkoc.dll -> Adware.TargetServer : Cleaned with backup (quarantined).
C:\ZIGID003.exe -> Adware.ZenoSearch : Cleaned with backup (quarantined).
C:\bootinit.exe -> Downloader.Adload.bo : Cleaned with backup (quarantined).
C:\WINDOWS\comserv.exe -> Downloader.Adload.ch : Cleaned with backup (quarantined).
C:\msnotify.com -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\pcdoctor.com -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\runinst.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\setup.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\setup32.exe -> Downloader.Adload.cw : Cleaned with backup (quarantined).
C:\QooBox\dmonwv.dll.vir -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\wd7gi8n.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\installerwnus.exe -> Downloader.Qoologic.at : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\DeactivatedItems\21EE5096-A87E-4BE2-B9D6-F5CA58.asq -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\cdhwgoa.dll.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\csvab.dat.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\mfxbo.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\odtxv.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\vvhwpf.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\QooBox\xaffalp.exe.vir -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\gfidtct.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\VSL.dl_ -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\ac3_0003.exe -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\boot.pif -> Downloader.VB.afe : Cleaned with backup (quarantined).
C:\setup64.exe -> Downloader.VB.afo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pre.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\engage.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\bintheredunthat\numbsoft.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\webnexmk.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\526_620.exe -> Dropper.Mudrop.bq : Cleaned with backup (quarantined).
C:\Documents and Settings\Compaq_Owner\Desktop\backups\backup-20060729-180138-318.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\kansup.reg -> Trojan.LowZones.f : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Fоnts\nslookup.exe -> Trojan.PurityAd : Cleaned with backup (quarantined).
C:\WINDOWS\system32ssec.exe -> Trojan.Runner.h : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).


::Report end

Panda

Incident Status Location

Adware:adware/wupd Not disinfected c:\program files\AdTools Service
Spyware:spyware/new.net Not disinfected c:\program files\NewDotNet
Potentially unwanted tool:application/seekmo Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\seekmo
Adware:adware/yazzlesudoku Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Potentially unwanted tool:application/winantivirus2006 Not disinfected hkey_local_machine\software\WinAntiVirus Pro 2006
Adware:adware/dollarrevenue Not disinfected Windows Registry
Adware:adware/xplugin Not disinfected Windows Registry
Virus:Trj/Downloader.JJK Disinfected C:\antidote.pif
Adware:Adware/Deskwizz Not disinfected C:\bintheredunthat\VSL02.exe
Adware:Adware/2Z0o Not disinfected C:\bintheredunthat\yakxxuo.exe
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@atdmt[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Compaq_Owner\Cookies\compaq_owner@go[2].txt
Adware:Adware/Maxifiles Not disinfected C:\drwin32.exe[cmdmgr3.exe]
Adware:Adware/DollarRevenue Not disinfected C:\drwin32.exe[cmdmgr3.exe][²ÜÇ\System.dll]
Adware:Adware/DollarRevenue Not disinfected C:\drwin32.exe[cmdmgr3.exe][²ÜÇ\nsProcess.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\drwin32.exe[cmdmgr3.exe][¦++\²íÇ\Update.exe]
Spyware:Spyware/Virtumonde Not disinfected C:\drwin32.exe[cmdmgr3.exe][¦++\²íÇ\services.dll]
Adware:Adware/Mytoolbar Not disinfected C:\drwin32.exe[cmdmgr3.exe][MyToolBar.dll]
Adware:Adware/Mytoolbar Not disinfected C:\drwin32.exe[cmdmgr3.exe][Activate.exe]
Spyware:Cookie/Go Not disinfected C:\found.000\file0000.chk
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}\services.dll
Adware:Adware/DollarRevenue Not disinfected C:\services.exe
Adware:Adware/PurityScan Not disinfected C:\Trelew.exe
Adware:Adware/NewAds Not disinfected C:\WINDOWS\cmdmgr.exe
Adware:Adware/Maxifiles Not disinfected C:\WINDOWS\cmdmgr3.exe
Adware:Adware/NewAds Not disinfected C:\WINDOWS\hostsmgr.exe
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\system32\instsrv.exe
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: hi\information.txt .scr
Virus:W32/Netsky.P.worm Disinfected [message.zip][details.txt .pif]
Virus:W32/Sober.I.worm Disinfected Local Folders\Deleted Items\FwD: Mail_Delivery_failure <error_:1024>\auto__mail.aol.1753.EML.scr
Virus:W32/Netsky.P.worm Disinfected [details.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected Local Folders\Deleted Items\Re: approved\file.doc.exe

HJT
Logfile of HijackThis v1.99.1
Scan saved at 9:09:23 PM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [{4D-DE-E6-6D-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97B9D9A-A22C-4BB6-A32D-FA641510A0A4}: NameServer = 208.54.220.20 209.142.136.85
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

combofix
Start Time= Sat 07/29/2006 15:09:48.06
Running from: C:\Documents and Settings\Compaq_Owner\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{76E5B607-21F9-44F1-9D1D-9015C09D9C45}\InprocServer32]
@="C:\\WINDOWS\\system32\\guard.tmp"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\bppanui.dll
C:\WINDOWS\SYSTEM32\guard.tmp
C:\WINDOWS\SYSTEM32\jt0s07d7e.dll
C:\WINDOWS\SYSTEM32\lvpo0973e.dll
C:\WINDOWS\SYSTEM32\mxvcp70.dll
C:\WINDOWS\SYSTEM32\ode32.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

15:12:30.15

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\mfxbo.exe
C:\WINDOWS\system32\dmonwv.dll
C:\WINDOWS\system32\xaffalp.exe


* * * PRE-RUN - Filepaths extracted by Memory Dump * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\uqneg.dll
C:\WINDOWS\system32\xaffalp.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\vvhwpf.exe
C:\WINDOWS\system32\mfxbo.exe
C:\WINDOWS\system32\csvab.dat
C:\WINDOWS\system32\cdhwgoa.dll
C:\WINDOWS\system32\cdhwgoa.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\odtxv.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-22 12:08:50 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-06-22 12:10:00 127,488 "C:\WINDOWS\system32\vvhwpf.exe"
2006-06-22 12:10:00 28,672 "C:\WINDOWS\system32\mfxbo.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-06-22 12:09:54 32,256 "C:\WINDOWS\system32\dmonwv.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-12 14:09:18 10,752 "C:\WINDOWS\system32\Shlesb.dll"
2006-05-10 00:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-22 12:08:50 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-22 12:08:50 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-22 12:10:00 23,552 "C:\WINDOWS\system32\xaffalp.exe"
2006-07-29 11:41:34 233,780 "C:\WINDOWS\system32\bppanui.dll"
2006-05-10 00:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-06-22 12:10:00 51,712 "C:\WINDOWS\system32\cdhwgoa.dll"
2006-05-10 00:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-07-28 19:57:46 236,930 "C:\WINDOWS\system32\mxvcp70.dll"
2006-05-10 00:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-06-28 18:12:00 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 00:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-10 00:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-29 11:45:40 236,985 "C:\WINDOWS\system32\ode32.dll"
2006-06-22 12:10:00 127,488 "C:\WINDOWS\system32\csvab.dat"
2006-07-28 19:12:24 303 "C:\WINDOWS\uqneg.dll"
2006-06-22 12:09:56 53 "C:\WINDOWS\vnlovb.dat"
2006-06-22 12:10:00 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\odtxv.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


06/22/2006 12:09 PM 127,488 vvhwpf.exe.vir
06/22/2006 12:09 PM 127,488 csvab.dat.vir
06/22/2006 12:09 PM 127,488 odtxv.exe.vir
06/22/2006 12:09 PM 51,712 cdhwgoa.dll.vir
06/22/2006 12:09 PM 32,256 dmonwv.dll.vir
06/22/2006 12:09 PM 28,672 mfxbo.exe.vir
06/22/2006 12:09 PM 23,552 xaffalp.exe.vir
06/22/2006 12:09 PM 53 vnlovb.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-06-22 12:08:50 28,672 "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-15 15:26:44 1,142,784 "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-22 12:08:50 45,056 "C:\WINDOWS\system32\tfthot.exe"
2006-06-15 18:39:06 131,072 "C:\WINDOWS\system32\mptft.exe"
2006-05-10 00:23:00 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-05-10 00:23:00 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-05-10 00:23:00 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-05-10 00:23:00 251,392 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 13:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 13:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 00:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-05-10 00:23:00 16,384 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-10 00:23:02 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 03:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-05-29 10:30:34 1,494,016 "C:\WINDOWS\system32\shdocvw.dll"
2006-05-10 00:23:02 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-06-28 18:12:00 8,464 "C:\WINDOWS\system32\sporder.dll"
2006-05-10 00:23:04 658,432 "C:\WINDOWS\system32\wininet.dll"
2006-05-19 07:59:42 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-05-10 00:23:00 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-05-10 00:23:00 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-05-19 10:08:32 3,052,544 "C:\WINDOWS\system32\mshtml.dll"
2006-05-10 00:23:02 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-06-12 14:09:18 10,752 "C:\WINDOWS\system32\Shlesb.dll"
2006-05-10 00:23:02 613,888 "C:\WINDOWS\system32\urlmon.dll"
2006-06-22 12:08:50 208,896 "C:\WINDOWS\system32\x3cqp0.dll"
2006-05-10 00:23:00 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-28 19:12:24 303 "C:\WINDOWS\uqneg.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Mendoza1.exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\FV2RAKXS\drsmartload849a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\drsmartload[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\nwnmc_4[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\K9YB01E3\kybrdc_4[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RCEO1SLW\drsmartload46a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJIB4HYR\drsmartload45a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\UJIB4HYR\dfndrc_4a[1].exe
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\RCEO1SLW\MTE3NDI6ODoxNg[1].exe
C:\Program Files\snowball wars


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-29 14:46:06 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-29 14:36:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-28 19:12:24 303 ( A.... ) "C:\WINDOWS\uqneg.dll"
2006-07-28 18:04:24 24576 ( A.... ) "C:\WINDOWS\system32ssec.exe"
2006-07-28 18:04:22 24576 ( A.... ) "C:\WINDOWS\system32\ssec.exe"
2006-07-28 17:26:22 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft"
2006-07-28 17:26:12 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-28 17:24:16 2855080 ( A.... ) "C:\aawsepersonal.exe"
2006-07-28 17:18:38 857915 ( A.... ) "C:\vx2cleaner_inst.exe"
2006-07-28 16:45:32 128826 ( A.... ) "C:\NNuninstall.exe"
2006-07-28 01:24:46 23280 ( A.... ) "C:\WINDOWS\icont.exe"
2006-07-27 19:34:22 ( .D... ) "C:\Program Files\Norton AntiVirus"
2006-07-16 18:55:54 1063 ( A.... ) "C:\WINDOWS\system32\rvn896b6.sys"
2006-07-16 18:55:54 1063 ( A.... ) "C:\WINDOWS\system32\rvn896b6.sys"
2006-07-15 22:30:24 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Google"
2006-07-06 09:42:08 202768 ( A.... ) "C:\drwin32.exe"
2006-07-05 21:36:26 ( .D... ) "C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}"
2006-07-05 21:18:34 268 ( A.... ) "C:\WINDOWS\comexec.bat"
2006-07-05 20:39:02 14336 ( A.... ) "C:\WINDOWS\comsonie.exe"
2006-07-05 19:55:16 12288 ( A.... ) "C:\setup32.exe"
2006-07-05 19:23:58 12288 ( A.... ) "C:\setup.exe"
2006-07-05 16:00:22 12288 ( A.... ) "C:\runinst.exe"
2006-07-05 15:43:04 11776 ( A.... ) "C:\pcdoctor.com"
2006-07-05 06:19:10 151112 ( A.... ) "C:\WINDOWS\cmdmgr3.exe"
2006-07-04 19:42:10 677 ( A.... ) "C:\cmdhost.exe"
2006-07-04 14:21:36 12288 ( A.... ) "C:\msnotify.com"
2006-07-02 17:29:26 12288 ( A.... ) "C:\setup64.exe"
2006-07-02 15:21:46 11776 ( A.... ) "C:\msts.com"
2006-07-01 16:44:18 12800 ( A.... ) "C:\picture012.exe"
2006-06-30 20:07:32 14336 ( A.... ) "C:\install64.exe"
2006-06-30 20:05:28 14336 ( A.... ) "C:\install62.exe"
2006-06-30 16:19:44 14336 ( A.... ) "C:\install32.exe"
2006-06-29 20:24:56 12288 ( A.... ) "C:\runstd1.exe"
2006-06-29 20:24:06 12288 ( A.... ) "C:\runstd0.exe"
2006-06-29 20:23:02 12288 ( A.... ) "C:\runstd.exe"
2006-06-29 20:01:30 12288 ( A.... ) "C:\runst.exe"
2006-06-29 19:51:24 12288 ( A.... ) "C:\runset.exe"
2006-06-29 19:16:40 677 ( A.... ) "C:\runme.exe"
2006-06-28 19:23:56 ( .D... ) "C:\Program Files\Common Files\F?nts"
2006-06-28 19:23:34 ( .D... ) "C:\Program Files\ornu"
2006-06-28 19:19:06 12288 ( A.... ) "C:\hotshot.exe"
2006-06-28 18:47:42 12288 ( A.... ) "C:\rwar.exe"
2006-06-28 18:23:04 61440 ( A.... ) "C:\WINDOWS\system32\rvn896b6.dll"
2006-06-28 18:23:04 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-06-28 18:22:58 29696 ( A.... ) "C:\WINDOWS\system32\w07ae388.dll"
2006-06-28 18:13:30 ( .D... ) "C:\Program Files\EngageSidebar"
2006-06-28 18:13:28 133916 ( A.... ) "C:\WINDOWS\system32\2-20060511-1.exe"
2006-06-28 18:13:26 328704 ( A.... ) "C:\WINDOWS\system32\pre.exe"
2006-06-28 18:12:04 2560 ( A.... ) "C:\ac3_0003.exe"
2006-06-28 18:12:00 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-06-28 18:12:00 ( ADS.. ) "C:\Program Files\NewDotNet"
2006-06-28 17:33:28 12288 ( A.... ) "C:\autoexec02.exe"
2006-06-28 16:50:48 12288 ( A.... ) "C:\autoexec.exe"
2006-06-28 16:22:20 12288 ( A.... ) "C:\execfile01.exe"
2006-06-28 16:21:06 12288 ( A.... ) "C:\execfile00.exe"
2006-06-28 09:29:56 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Trevoli"
2006-06-28 09:29:44 ( .D... ) "C:\Program Files\Photo Finale"
2006-06-28 09:26:04 12800 ( A.... ) "C:\services.exe"
2006-06-27 09:08:02 3209 ( A.... ) "C:\corruptfile.exe"
2006-06-25 22:43:12 15872 ( A.... ) "C:\bootinit.exe"
2006-06-23 10:22:08 9216 ( A.... ) "C:\WINDOWS\gfidtct.dll"
2006-06-22 12:11:24 389632 ( A.... ) "C:\webnexmk.exe"
2006-06-22 12:11:06 20480 ( A.... ) "C:\stub_sca3.exe"
2006-06-22 12:10:48 362496 ( A.... ) "C:\526_620.exe"
2006-06-22 12:09:52 290816 ( A.... ) "C:\installerwnus.exe"
2006-06-22 12:08:56 ( .D... ) "C:\Program Files\Common Files\mzko"
2006-06-22 12:08:50 208896 ( A.... ) "C:\WINDOWS\system32\x3cqp0.dll"
2006-06-22 12:08:50 45056 ( A.... ) "C:\WINDOWS\system32tfthot.exe"
2006-06-22 12:08:50 45056 ( A.... ) "C:\WINDOWS\system32\tfthot.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32ftuninst.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32\gbe90qs.exe"
2006-06-22 12:08:50 28672 ( A.... ) "C:\WINDOWS\system32\ftuninst.exe"
2006-06-22 12:08:34 45056 ( A.... ) "C:\wd7gi8n.exe"
2006-06-22 12:07:42 45059 ( A.... ) "C:\ZIGID003.exe"
2006-06-22 1254 310122 ( A.... ) "C:\Trelew.exe"
2006-06-20 16:14:02 13824 ( A.... ) "C:\WINDOWS\comserv.exe"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-15 18:39:06 131072 ( A.... ) "C:\WINDOWS\system32\mptft.exe"
2006-06-15 15:26:44 1142784 ( A.... ) "C:\WINDOWS\system32\ssn6tuu.exe"
2006-06-15 15:26:40 24576 ( A.... ) "C:\WINDOWS\system32\nr1rnqm8.exe"
2006-06-14 22:01:56 403799 ( A.... ) "C:\WINDOWS\cmdmgr.exe"
2006-06-14 21:03:46 114174 ( A.... ) "C:\WINDOWS\hostsmgr.exe"
2006-06-12 14:09:18 10752 ( A.... ) "C:\WINDOWS\system32\Shlesb.dll"
2006-06-07 12:55:52 3753 ( A.... ) "C:\Program Files\html2.htm"
2006-06-07 12:55:52 3626 ( A.... ) "C:\Program Files\html1.htm"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-29 11:45 259,379,200 C:\hiberfil.sys
2006-07-28 18:04 24,576 C:\WINDOWS\system32ssec.exe
2006-07-28 18:04 24,576 C:\WINDOWS\system32\ssec.exe
2006-07-28 17:24 2,855,080 C:\aawsepersonal.exe
2006-07-28 17:18 857,915 C:\vx2cleaner_inst.exe
2006-07-28 16:45 128,826 C:\NNuninstall.exe
2006-07-27 22:12 23,280 C:\WINDOWS\icont.exe
2006-07-06 09:42 151,112 C:\WINDOWS\cmdmgr3.exe
2006-07-06 09:42 14,336 C:\WINDOWS\comsonie.exe
2006-07-05 20:32 202,768 C:\drwin32.exe
2006-07-05 16:00 12,288 C:\runinst.exe
2006-07-05 10:49 11,776 C:\pcdoctor.com
2006-07-04 14:43 12,288 C:\setup.exe
2006-07-04 14:40 12,288 C:\setup32.exe
2006-07-04 12:14 12,288 C:\msnotify.com
2006-07-02 12:04 11,776 C:\msts.com
2006-07-01 16:44 12,800 C:\picture012.exe
2006-06-30 21:46 677 C:\cmdhost.exe
2006-06-30 20:07 14,336 C:\install64.exe
2006-06-30 20:05 14,336 C:\install62.exe
2006-06-30 16:19 14,336 C:\install32.exe
2006-06-30 16:14 12,288 C:\setup64.exe
2006-06-29 20:24 12,288 C:\runstd1.exe
2006-06-29 20:24 12,288 C:\runstd0.exe
2006-06-29 20:23 12,288 C:\runstd.exe
2006-06-29 20:01 12,288 C:\runst.exe
2006-06-29 19:51 12,288 C:\runset.exe
2006-06-29 18:15 677 C:\runme.exe
2006-06-28 20:10 403,799 C:\WINDOWS\cmdmgr.exe
2006-06-28 19:19 12,288 C:\hotshot.exe
2006-06-28 18:47 12,288 C:\rwar.exe
2006-06-28 18:23 61,440 C:\WINDOWS\system32\rvn896b6.dll
2006-06-28 18:23 38,412 C:\WINDOWS\ssqbn.exe
2006-06-28 18:23 1,063 C:\WINDOWS\system32\rvn896b6.sys
2006-06-28 18:22 29,696 C:\WINDOWS\system32\w07ae388.dll
2006-06-28 18:13 328,704 C:\WINDOWS\system32\pre.exe
2006-06-28 18:13 133,916 C:\WINDOWS\system32\2-20060511-1.exe
2006-06-28 18:12 2,560 C:\ac3_0003.exe
2006-06-28 18:11 8,464 C:\WINDOWS\system32\sporder.dll
2006-06-28 17:33 12,288 C:\autoexec02.exe
2006-06-28 16:50 12,288 C:\autoexec.exe
2006-06-28 16:22 12,288 C:\execfile01.exe
2006-06-28 16:21 12,288 C:\execfile00.exe
2006-06-28 09:26 12,800 C:\services.exe
2006-06-27 09:08 3,209 C:\corruptfile.exe
2006-06-25 22:31 15,872 C:\bootinit.exe
2006-06-23 10:22 9,216 C:\WINDOWS\gfidtct.dll
2006-06-23 08:05 268 C:\WINDOWS\comexec.bat
2006-06-23 08:05 13,824 C:\WINDOWS\comserv.exe
2006-06-23 08:05 114,174 C:\WINDOWS\hostsmgr.exe
2006-06-22 12:11 20,480 C:\stub_sca3.exe
2006-06-22 12:10 389,632 C:\webnexmk.exe
2006-06-22 12:09 362,496 C:\526_620.exe
2006-06-22 12:09 303 C:\WINDOWS\uqneg.dll
2006-06-22 12:09 290,816 C:\installerwnus.exe
2006-06-22 12:08 45,056 C:\WINDOWS\system32tfthot.exe
2006-06-22 12:08 45,056 C:\WINDOWS\system32\tfthot.exe
2006-06-22 12:08 45,056 C:\wd7gi8n.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32ftuninst.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32\gbe90qs.exe
2006-06-22 12:08 28,672 C:\WINDOWS\system32\ftuninst.exe
2006-06-22 12:08 24,576 C:\WINDOWS\system32\nr1rnqm8.exe
2006-06-22 12:08 208,896 C:\WINDOWS\system32\x3cqp0.dll
2006-06-22 12:08 131,072 C:\WINDOWS\system32\mptft.exe
2006-06-22 12:08 1,142,784 C:\WINDOWS\system32\ssn6tuu.exe
2006-06-22 12:07 45,059 C:\ZIGID003.exe
2006-06-22 12:06 310,122 C:\Trelew.exe
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"Alcmtr"="ALCMTR.EXE"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"DIGServices"="C:\\Program Files\\ESPNRunTime\\DIGServices.exe /brand=ESPN /priority=0 /poll=24"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"InetCntrl"="C:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"
"{4D-DE-E6-6D-ZN}"="C:\\windows\\system32\\dwdsregt.exe GID003"
"ftexc"="C:\\WINDOWS\\system32\\mptft.exe"
"Hhl7RfpJ"="\"C:\\WINDOWS\\system32\\ssn6tuu.exe\""
"NI.UWA6P_0001_N822M1605"="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\Temporary Internet Files\\Content.IE5\\QV6FYDER\\WinAntiVirusPro2006FreeInstall[1].exe\" -nag "
"rvn896b6"="RUNDLL32.EXE w07ae388.dll,n 001896b50000000307ae388"
"New.net Startup"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"SubscribedURL"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,e9,01,41,c0,b4,74,30,f0,d5,03,68,de,e9,01,20,6d,\
e9,01,ab,de,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"SubscribedURL"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,19,01,00,00,dc,00,00,00,d2,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,ee,03,00,00,bc,04,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,c8,00,41,c0,b4,74,58,26,20,03,68,de,c8,00,20,6d,\
c8,00,c7,db,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"mzko"="C:\\PROGRA~1\\COMMON~1\\mzko\\mzkom.exe"
"rjsqq"="C:\\WINDOWS\\system32\\vvhwpf.exe reg_run"
"Srro"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\nslookup.exe\" -vt yazr"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{50D4DE6D-0B74-1033-0827-040802200001}"="\"C:\\Program Files\\Common Files\\{50D4DE6D-0B74-1033-0827-040802200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"mzko"="C:\\PROGRA~1\\COMMON~1\\mzko\\mzkom.exe"
"rjsqq"="C:\\WINDOWS\\system32\\vvhwpf.exe reg_run"
"Srro"="\"C:\\PROGRA~1\\COMMON~1\\FNTS~1\\nslookup.exe\" -vt yazr"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]
"{50D4DE6D-0B74-1033-0827-040802200001}"="\"C:\\Program Files\\Common Files\\{50D4DE6D-0B74-1033-0827-040802200001}\\Update.exe\" mc-110-12-0000488"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Compaq Connections.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Connections.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMPAQ~1\\6750491\\Program\\COMPAQ~1.EXE -startup"
"item"="Compaq Connections"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkbMonitor.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Compaq Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Compaq Organize"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdTools"
"hkey"="HKLM"
"command"="C:\\Program Files\\AdTools Service\\AdTools.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLoaderAproposClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CXTPLS~1"
"hkey"="HKLM"
"command"="\"C:\\temp\\CXTPLS~1.EXE\" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dw53RhN5g]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="admppp"
"hkey"="HKCU"
"command"="admppp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gah95on6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\gah95on6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb05"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize313"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize313.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhqhyb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mhqhyb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\mhqhyb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s7mT3nh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alriscon"
"hkey"="HKLM"
"command"="alriscon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\temp\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0400"
"hkey"="HKLM"
"command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yzdrx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Fcrzq"
"hkey"="HKLM"
"command"="C:\\Program Files\\Yacy\\Fcrzq.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 07/29/2006 15:20:18.98
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.150947.txt
Old 07-29-2006, 10:39 PM   #4 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Good job...now for round 2. This is still very messy, and will take more time.

I have attached a file to this post - betty.zip Download this file to your desktop. Double click on the zip folder, then double click on the reg file within. Click yes to allow it to merge into your registry.

---------------------------------------------------------------------------------------------
  • Next, click Start > Control Panel > Add/Remove Programs
  • In the list of installed software, look for PuritySCAN By OIN, OuterInfo, OIN Snowballwars By OIN Cowabanga By OIN or similar
  • If you find it:
    • Click on it and click Remove.
    • Reboot and delete the folder C:\Program Files\PurityScan (if it's still there)
  • If not:
    • Download and run the Oiuninstaller
      There is a tutorial for the uninstaller available
    • When the uninstaller is done, reboot and delete the folder C:\Program Files\PurityScan (if it's still there)


---------------------------------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. Check the following entries if they exist (make sure you do not miss any) and click Fix Checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [{4D-DE-E6-6D-ZN}] C:\windows\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006Free Install[1].exe" -nag


---------------------------------------------------------------------------------------------

Delete the following if they exist:

c:\program files\AdTools Service
c:\program files\NewDotNet
C:\bintheredunthat
C:\found.000\file0000.chk
C:\Program Files\Common Files\{50D4DE6D-0B74-1033-0827-040802200001}
C:\services.exe
C:\Trelew.exe
C:\WINDOWS\cmdmgr.exe
C:\WINDOWS\cmdmgr3.exe
C:\WINDOWS\hostsmgr.exe
C:\WINDOWS\comsonie.exe
C:\picture012.exe
C:\cmdhost.exe
C:\setup64.exe
C:\runstd1.exe
C:\runstd0.exe
C:\runstd.exe
C:\runst.exe
C:\runset.exe
C:\runme.exe
C:\WINDOWS\cmdmgr.exe
C:\hotshot.exe
C:\rwar.exe
C:\WINDOWS\system32\rvn896b6.sys
C:\autoexec02.exe
C:\autoexec.exe
C:\execfile01.exe
C:\execfile00.exe
C:\corruptfile.exe
C:\WINDOWS\comexec.bat
C:\webnexmk.exe
C:\526_620.exe
C:\WINDOWS\uqneg.dll


Also, delete this folder:

C:\Program Files\Common Files\F?nts <<< May appear as Fonts. Only delete the folder with this creation date: 2006-06-28 19:23:56. Right-click on the folder and select Properties to be sure.

Please tell me the contents of this folder:

C:\Program Files\ornu<<created 2006-06-28 19:23:34

If any resist deletion, boot to safe mode and delete from there.

---------------------------------------------------------------------------------------------

From normal mode:

Please submit the following file to Jotti File Scan

C:\msnotify.com

At the top of the window you should see "File to Upload & scan" and a blank box. Copy and paste the red text from above into the box. Then click "submit".

When it is finished, please copy and paste the information listed under "Service" and "Scanner Results" here.

Repeat for:

C:\msts.com
C:\install64.exe
C:\install62.exe
C:\install32.exe



---------------------------------------------------------------------------------------------

* Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look if you can click next icon next to the files found:
  • If so, click it and then click the next icon right below and select Move incurable as you'll see in next image:

    This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
  • After selecting, in the Dr.Web CureIt menu on top, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

---------------------------------------------------------------------------------------------

We need to update your Java as it is out of date. The older version is a security risk, as malware writers exploit the weaknesses in its code.

Updating Java:
  • Go to Start > Control Panel double-click on the Software icon, Add or Remove programs.
  • Search in the list for all previous installed versions of Java. (Java 2 Runtime Environment, SE 1.4.2_03, J2SE Runtime Environment 5.0 Update 2.... )
  • Select it and click Remove.
  • Then Download and install the newest version from here:
    http://www.java.com/en/download/manual.jsp
  • After the reboot, go back into the Control Panel and double-click the Java Icon.
  • Under Temporary Internet Files, click the Delete Files button.
  • There are three options in the window to clear the cache - Leave ALL 3 Checked
    • Downloaded Applets
    • Downloaded Applications
    • Other Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Java Control Panel.

---------------------------------------------------------------------------------------------

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply


Download Ad-aware at http://www.lavasoftusa.com/ and install it if you don't have it already. Make sure it's the newest version and check for any updates before running it. Also go to http://www.lavasoftusa.com/software/...2cleaner.shtml to download the plug-in for fixing VX2 variants. To run this tool, go into Ad-aware->Add-ons and select VX2 Cleaner. Then click Run Tool and OK to start it. If it's clean, it will say Status System Clean. Otherwise, you will have to click on the Clean button to remove the VX2 infection. Also make sure to customize the settings in Ad-aware at http://www.greyknight17.com/spyware.php#adaware for better scan results. Run the scan and fix everything that it finds.

Download and install Spybot S&D http://security.kolla.de/. Run Spybot and click on the 'Search for Updates' button. Install any updates that are available.

Now click Mode menu and choose 'Advanced Mode'. Next click on Immunize to your left. Click the Immunize button (green cross) on top to Immunize your computer - you should do this each time there is an update. Do NOT enable Spybot TeaTimer Resident protection at this time. What this will do is monitor any system/registry changes and will ask you for permission to change any of these settings. It may also hinder our fix at this point. You may enable it after the fix is complete.

Now click on the 'Spybot-S&D' option on the top left to go back to the main screen. Next click on the 'Check for Problems' button. Let it run the scan. If it finds something, check all those in RED and hit the 'Fix Selected Problems' button. Exit Spybot. If you keep getting the DSO Exploit entries, even after you updated Windows and fixed them, then download the Spybot DSO Exploit Fix http://majorgeeks.com/download4392.html and install it over the current Spybot installation.

---------------------------------------------------------------------------------------------

Run ComboFix once again.

---------------------------------------------------------------------------------------------

Open Hijack This and click on 'Do a System Scan and save a Logfile'. Save the log file and post it here.

---------------------------------------------------------------------------------------------

Please return with results from:

DrWeb
ComboFix
HJT
jotti scan


Is your Norton subscription up to date? Have you run a scan recently?

Let me know how your system is behaving at the end of all this.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009

Last edited by tetonbob; 09-19-2006 at 01:53 PM.
Old 07-30-2006, 05:03 PM   #5 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


finished round 2

contents of C:\Program Files\ornu
nothing

DrWeb
install32.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;
install62.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;
install64.exe;C:\;Adware.DollarRevenue;Incurable.Moved.;
msts.com;C:\;Adware.DollarRevenue;Incurable.Moved.;
html1.htm\Javascript.0;C:\Program Files\html1.htm;Trojan.Click.1237;;
html1.htm;C:\Program Files;Archive contains infected objects;Moved.;
html2.htm\Javascript.0;C:\Program Files\html2.htm;Trojan.Click.1237;;
html2.htm;C:\Program Files;Archive contains infected objects;Moved.;
WxBug.EXE;C:\Program Files\AIM\Sysfiles;Adware.Aws;Incurable.Moved.;
Dc10.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc11.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc12.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc13.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc14.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc16.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc17.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc21.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc23.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc24.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc25.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc26.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc6.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
Dc8.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009;Adware.DollarRevenue;Incurable.Moved.;
yakxxuo.exe;C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-1009\Dc5;Trojan.Popuper;Deleted.;
A0152262.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.DownLoader.9440;Deleted.;
A0152265.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;BackDoor.Generic.1219;Deleted.;
A0152271.pif;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.DollarRevenue;Incurable.Moved.;
A0152272.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.DollarRevenue;Incurable.Moved.;
A0152278.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.Dyfuca;Deleted.;
A0152279.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.Dyfuca;Deleted.;
A0152280.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Enbrow;Incurable.Moved.;
A0152281.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;BackDoor.Generic.1219;Deleted.;
A0152283.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.Click.1211;Deleted.;
A0152285.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.Click.1166;Deleted.;
A0152286.exe\data001;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477\A0152286.exe;Trojan.Popuper;;
A0152286.exe\data002;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477\A0152286.exe;Trojan.Popuper;;
A0152286.exe\data004;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477\A0152286.exe;Trojan.Dyfuca;;
A0152286.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Archive contains infected objects;Moved.;
A0152287.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.DownLoader.5013;Deleted.;
A0152288.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.DownLoader.5013;Deleted.;
A0152289.EXE;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.NewDotNet;Incurable.Moved.;
A0152290.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.Popuper;Deleted.;
A0152291.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Surfside;Incurable.Moved.;
A0152292.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.TargetServer;Incurable.Moved.;
A0152294.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Look2me;Incurable.Moved.;
A0152295.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Look2me;Incurable.Moved.;
A0153269.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Look2me;Incurable.Moved.;
A0153270.pif;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.DollarRevenue;Incurable.Moved.;
A0153271.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.DollarRevenue;Incurable.Moved.;
A0153292.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Look2me;Incurable.Moved.;
A0153298.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Adware.Look2me;Incurable.Moved.;
A0153306.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP477;Trojan.DownLoader.10320;Incurable.Moved.;
A0153310.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Adware.DollarRevenue;Incurable.Moved.;
A0153312.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153321.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153324.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153327.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153330.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153333.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Adware.Look2me;Incurable.Moved.;
A0153339.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Adware.Look2me;Incurable.Moved.;
A0153341.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Adware.DollarRevenue;Incurable.Moved.;
A0153343.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP478;Trojan.DownLoader.10320;Incurable.Moved.;
A0153357.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP479;Adware.Look2me;Incurable.Moved.;
A0153363.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP479;Adware.Look2me;Incurable.Moved.;
A0153364.pif;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP479;Adware.DollarRevenue;Incurable.Moved.;
A0153376.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP479;Adware.Look2me;Incurable.Moved.;
A0153384.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP479;Adware.Look2me;Incurable.Moved.;
A0153390.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.Look2me;Incurable.Moved.;
A0153396.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.Look2me;Incurable.Moved.;
A0153403.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.Look2me;Incurable.Moved.;
A0153409.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.Look2me;Incurable.Moved.;
A0153411.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.DollarRevenue;Incurable.Moved.;
A0153417.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.Look2me;Incurable.Moved.;
A0153425.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Adware.DollarRevenue;Incurable.Moved.;
A0153427.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP480;Trojan.DownLoader.10320;Incurable.Moved.;
A0153446.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP481;Adware.Look2me;Incurable.Moved.;
A0153447.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP481;Adware.Look2me;Incurable.Moved.;
A0153459.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP481;Adware.Look2me;Incurable.Moved.;
A0153460.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP481;Adware.Look2me;Incurable.Moved.;
A0154459.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP481;Adware.Look2me;Incurable.Moved.;
A0154487.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.Look2me;Incurable.Moved.;
A0154495.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.Look2me;Incurable.Moved.;
A0154499.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.DollarRevenue;Incurable.Moved.;
A0154500.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Trojan.Click.911;Deleted.;
A0154501.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Trojan.DownLoader.9440;Deleted.;
A0154507.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.Look2me;Incurable.Moved.;
A0154512.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.Look2me;Incurable.Moved.;
A0154523.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.DollarRevenue;Incurable.Moved.;
A0154524.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.DollarRevenue;Incurable.Moved.;
A0154526.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Trojan.DownLoader.10320;Incurable.Moved.;
A0154527.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP482;Adware.DollarRevenue;Incurable.Moved.;
A0154537.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.NewDotNet;Incurable.Moved.;
A0154538.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.Look2me;Incurable.Moved.;
A0154549.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.Look2me;Incurable.Moved.;
A0154556.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.DollarRevenue;Incurable.Moved.;
A0154558.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.Look2me;Incurable.Moved.;
A0154567.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP483;Adware.DollarRevenue;Incurable.Moved.;
A0155558.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP484;Adware.Look2me;Incurable.Moved.;
A0156558.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP485;Adware.Look2me;Incurable.Moved.;
A0156570.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP485;Adware.DollarRevenue;Incurable.Moved.;
A0156571.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP485;Adware.DollarRevenue;Incurable.Moved.;
A0157558.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP486;Adware.Look2me;Incurable.Moved.;
A0158558.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP486;Adware.Look2me;Incurable.Moved.;
A0158577.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.DollarRevenue;Incurable.Moved.;
A0158580.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158585.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158595.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158603.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158609.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158617.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.Look2me;Incurable.Moved.;
A0158622.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP487;Adware.DollarRevenue;Incurable.Moved.;
A0158629.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158633.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158638.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158642.com;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0158645.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0158653.EXE;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.NewDotNet;Incurable.Moved.;
A0158654.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.NewDotNet;Incurable.Moved.;
A0158655.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.NewDotNet;Incurable.Moved.;
A0158656.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.NewDotNet;Incurable.Moved.;
A0158657.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158658.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158659.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158660.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158661.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158662.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158663.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158664.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158665.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158666.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158667.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Trojan.DownLoader.5013;Deleted.;
A0158668.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Trojan.DownLoader.5013;Deleted.;
A0158669.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Surfside;Incurable.Moved.;
A0158670.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.TargetServer;Incurable.Moved.;
A0158671.exe\data001;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488\A0158671.exe;Trojan.Popuper;;
A0158671.exe\data002;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488\A0158671.exe;Trojan.Popuper;;
A0158671.exe\data004;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488\A0158671.exe;Trojan.Dyfuca;;
A0158671.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Archive contains infected objects;Moved.;
A0158673.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158681.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158774.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158779.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0158781.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0158788.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0158789.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0158791.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0159781.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.Look2me;Incurable.Moved.;
A0159787.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.DollarRevenue;Incurable.Moved.;
A0159788.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Trojan.Starter.65;Deleted.;
A0159791.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP488;Adware.FastSearch;Incurable.Moved.;
A0160778.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0161778.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0161793.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0161801.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0162800.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0162806.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0162812.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0162820.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0162826.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0163824.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0163833.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0163840.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0164838.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0165837.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0166840.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP489;Adware.Look2me;Incurable.Moved.;
A0167837.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168841.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168845.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168853.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168858.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168869.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168874.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168895.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0168901.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169900.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169910.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169918.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169924.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169932.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169946.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0169954.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0170950.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP490;Adware.Look2me;Incurable.Moved.;
A0170983.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP491;Adware.Look2me;Incurable.Moved.;
A0170989.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP491;Adware.Look2me;Incurable.Moved.;
A0170997.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP491;Adware.Look2me;Incurable.Moved.;
A0171002.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP491;Adware.Look2me;Incurable.Moved.;
A0172004.DLL;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP491;Adware.Look2me;Incurable.Moved.;
A0173001.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP492;Adware.Look2me;Incurable.Moved.;
A0173014.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0173019.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0174018.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0174028.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0174034.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0174044.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0174050.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0175048.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0176048.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP493;Adware.Look2me;Incurable.Moved.;
A0177049.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP494;Adware.Look2me;Incurable.Moved.;
A0177058.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP494;Adware.Look2me;Incurable.Moved.;
A0177064.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP494;Adware.Look2me;Incurable.Moved.;
A0178063.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP494;Adware.Look2me;Incurable.Moved.;
A0178067.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP495;Adware.Look2me;Incurable.Moved.;
A0178072.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP495;Adware.Look2me;Incurable.Moved.;
A0179072.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP495;Adware.Look2me;Incurable.Moved.;
A0180072.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP496;Adware.Look2me;Incurable.Moved.;
A0181072.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP496;Adware.Look2me;Incurable.Moved.;
A0182283.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182293.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.NewDotNet;Incurable.Moved.;
A0182294.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182295.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182296.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182297.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182298.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182299.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182300.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Trojan.DownLoader.5013;Deleted.;
A0182301.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Trojan.DownLoader.5013;Deleted.;
A0182303.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP497;Adware.Look2me;Incurable.Moved.;
A0182316.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182326.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182334.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182335.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182336.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182337.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182338.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182339.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182340.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182341.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182342.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182343.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182344.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182345.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182346.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182347.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182348.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182349.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182350.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182351.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182352.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182353.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182354.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182355.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182356.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182357.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182358.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182359.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182360.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182361.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182362.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182363.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182364.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182365.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182366.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182367.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.Look2me;Incurable.Moved.;
A0182368.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Trojan.DownLoader.5289;Deleted.;
A0182369.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.TargetServer;Incurable.Moved.;
A0182370.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.TargetServer;Incurable.Moved.;
A0182371.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP498;Adware.TargetServer;Incurable.Moved.;
A0182373.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182374.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Win32.HLLW.MyBot.based;Deleted.;
A0182375.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182388.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.AddUrl;Incurable.Moved.;
A0182393.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182394.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182423.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182432.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP499;Adware.Look2me;Incurable.Moved.;
A0182474.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182489.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182492.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Trojan.DownLoader.9440;Deleted.;
A0182495.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.FastSearch;Incurable.Moved.;
A0182497.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Trojan.Click.686;Deleted.;
A0182498.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Zesty;Incurable.Moved.;
A0182499.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Trojan.DownLoader.10320;Incurable.Moved.;
A0182507.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182515.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182522.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182523.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182525.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182526.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182531.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP502;Adware.Look2me;Incurable.Moved.;
A0182554.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182557.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182558.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182559.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182560.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182561.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182562.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182563.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182564.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182565.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182566.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182567.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182568.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182569.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182570.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182571.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182572.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182573.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182574.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182575.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182576.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182577.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182578.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182579.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182580.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182581.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182582.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182583.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1256;Deleted.;
A0182584.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182585.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182586.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182587.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1206;Deleted.;
A0182588.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1206;Deleted.;
A0182589.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1206;Deleted.;
A0182590.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1206;Deleted.;
A0182591.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10581;Deleted.;
A0182592.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182593.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10581;Deleted.;
A0182594.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10308;Deleted.;
A0182595.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10308;Deleted.;
A0182596.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10308;Deleted.;
A0182597.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10308;Deleted.;
A0182598.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182599.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182600.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182601.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182602.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182603.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Click.1274;Deleted.;
A0182604.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0182605.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.8290;Deleted.;
A0182606.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.ZenoSearch;Incurable.Moved.;
A0182607.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.ZenoSearch;Incurable.Moved.;
A0182608.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.ZenoSearch;Incurable.Moved.;
A0182609.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.MediaTicket;Incurable.Moved.;
A0182612.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182621.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182630.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182641.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182648.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182724.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Qoologic;Deleted.;
A0182725.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Qoologic;Deleted.;
A0182727.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Qoologic;Deleted.;
A0182728.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.8933;Deleted.;
A0182730.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Qoologic;Deleted.;
A0182731.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Qoologic;Deleted.;
A0182800.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.MediaTicket;Incurable.Moved.;
A0182803.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182804.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182805.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182806.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182807.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Look2me;Incurable.Moved.;
A0182862.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Yavak;Incurable.Moved.;
A0182867.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Yavak;Incurable.Moved.;
A0183078.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Yavak;Incurable.Moved.;
A0183079.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10919;Deleted.;
A0183081.exe\data001;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503\A0183081.exe;Trojan.Popuper;;
A0183081.exe\data002;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503\A0183081.exe;Trojan.Popuper;;
A0183081.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Archive contains infected objects;Moved.;
A0183082.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10918;Deleted.;
A0183083.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.MulDrop.2785;Deleted.;
A0183084.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.MulDrop.2785;Deleted.;
A0183085.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.MulDrop.2785;Deleted.;
A0183086.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.MulDrop.2785;Deleted.;
A0183087.pif;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183088.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183089.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Nexus;Incurable.Moved.;
A0183090.reg;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.LowZones;Deleted.;
A0183091.com;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183092.com;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183093.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183094.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183095.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183096.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.PurityAd;Deleted.;
A0183097.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.Starter.65;Deleted.;
A0183098.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183099.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.3945;Deleted.;
A0183100.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183101.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10662;Deleted.;
A0183103.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.NewDotNet;Incurable.Moved.;
A0183104.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.NewDotNet;Incurable.Moved.;
A0183105.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.TargetServer;Incurable.Moved.;
A0183106.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Effbar;Incurable.Moved.;
A0183107.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Effbar;Incurable.Moved.;
A0183108.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Effbar;Incurable.Moved.;
A0183109.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Trojan.DownLoader.10588;Deleted.;
A0183111.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Zango;Incurable.Moved.;
A0183113.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Linkmaker;Incurable.Moved.;
A0183114.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Linkmaker;Incurable.Moved.;
A0183115.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.Yavak;Incurable.Moved.;
A0183116.dll;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.IEHelper;Incurable.Moved.;
A0183118.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.ZenoSearch;Incurable.Moved.;
A0183128.pif;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP503;Adware.DollarRevenue;Incurable.Moved.;
A0183158.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP504;Adware.DollarRevenue;Incurable.Moved.;
A0183163.exe;C:\System Volume Information\_restore{9E5D6150-43DD-4EFE-BA2E-C2D145F39FFA}\RP504;Trojan.Popuper;Deleted.;

ComboFix
Start Time= Sun 07/30/2006 17:44:14.43
Running from: C:\Documents and Settings\Compaq_Owner\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-30 16:52:20 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-30 13:19:14 ( .D... ) "C:\Program Files\Common Files\Java"
2006-07-29 14:46:06 ( .D... ) "C:\Program Files\CleanUp!"
2006-07-29 14:36:48 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-07-28 17:26:22 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Lavasoft"
2006-07-28 17:26:12 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-28 17:24:16 2855080 ( A.... ) "C:\aawsepersonal.exe"
2006-07-28 17:18:38 857915 ( A.... ) "C:\vx2cleaner_inst.exe"
2006-07-27 19:34:22 ( .D... ) "C:\Program Files\Norton AntiVirus"
2006-07-15 22:30:24 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Google"
2006-07-06 09:42:08 202768 ( A.... ) "C:\drwin32.exe"
2006-06-28 19:23:34 ( .D... ) "C:\Program Files\ornu"
2006-06-28 18:13:30 ( .D... ) "C:\Program Files\EngageSidebar"
2006-06-28 18:13:28 133916 ( A.... ) "C:\WINDOWS\system32\2-20060511-1.exe"
2006-06-28 18:12:00 8464 ( A.... ) "C:\WINDOWS\system32\sporder.dll"
2006-06-28 09:29:56 ( .D... ) "C:\Documents and Settings\Compaq_Owner\Application Data\Trevoli"
2006-06-28 09:29:44 ( .D... ) "C:\Program Files\Photo Finale"
2006-06-22 12:08:56 ( .D... ) "C:\Program Files\Common Files\mzko"
2006-06-19 16:20:42 702768 ( ..... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-19 07:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 07:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 07:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-30 13:52 49,250 C:\WINDOWS\system32\javaw.exe
2006-07-30 13:52 49,248 C:\WINDOWS\system32\java.exe
2006-07-30 13:52 127,078 C:\WINDOWS\system32\javaws.exe
2006-07-29 19:50 73,728 C:\WINDOWS\system32\asuninst.exe
2006-07-29 19:50 11,776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-29 19:21 259,379,200 C:\hiberfil.sys
2006-07-28 17:24 2,855,080 C:\aawsepersonal.exe
2006-07-28 17:18 857,915 C:\vx2cleaner_inst.exe
2006-07-05 20:32 202,768 C:\drwin32.exe
2006-06-28 18:13 133,916 C:\WINDOWS\system32\2-20060511-1.exe
2006-06-28 18:11 8,464 C:\WINDOWS\system32\sporder.dll
2006-06-19 16:20 702,768 C:\WINDOWS\system32\WgaLogon.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"AGRSMMSG"="AGRSMMSG.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"SoundMan"="SOUNDMAN.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"DIGStream"="C:\\Program Files\\DIGStream\\digstream.exe"
"DIGServices"="C:\\Program Files\\ESPNRunTime\\DIGServices.exe /brand=ESPN /priority=0 /poll=24"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"URLLSTCK.exe"="C:\\Program Files\\Norton Internet Security\\UrlLstCk.exe"
"InetCntrl"="C:\\WINDOWS\\system32\\InetCntrl\\InetCntrl.exe"
"NI.UWA6P_0001_N822M1605"="\"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\Temporary Internet Files\\Content.IE5\\QV6FYDER\\WinAntiVirusPro2006FreeInstall[1].exe\" -nag "
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"SubscribedURL"="http://graphics.fansonly.com/photos/schools/iowa/sports/w-track/auto_headshot/p-headobrien.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,00,00,e8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,12,03,00,00,19,01,00,00,69,00,00,00,9b,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,e9,01,41,c0,b4,74,30,f0,d5,03,68,de,e9,01,20,6d,\
e9,01,ab,de,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"SubscribedURL"="http://www.lib.utexas.edu/maps/middle_east_and_asia/india_pol01.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,12,02,00,00,19,01,00,00,dc,00,00,00,d2,00,00,00,ea,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,12,02,00,00,23,00,00,00,ee,03,00,00,bc,04,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:14,6d,c8,00,41,c0,b4,74,58,26,20,03,68,de,c8,00,20,6d,\
c8,00,c7,db,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{9EF34FF2-3396-4527-9D27-04C8C1C67806}"="Microsoft AntiSpyware Service Hook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Compaq Connections.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Compaq Connections.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Connections.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\COMPAQ~1\\6750491\\Program\\COMPAQ~1.EXE -startup"
"item"="Compaq Connections"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NkbMonitor.exe.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\NkbMonitor.exe.lnk"
"backup"="C:\\WINDOWS\\pss\\NkbMonitor.exe.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Nikon\\PICTUR~1\\NKBMON~1.EXE "
"item"="NkbMonitor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Compaq_Owner^Start Menu^Programs^Startup^Compaq Organize.lnk]
"path"="C:\\Documents and Settings\\Compaq_Owner\\Start Menu\\Programs\\Startup\\Compaq Organize.lnk"
"backup"="C:\\WINDOWS\\pss\\Compaq Organize.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\HEWLET~1\\COMPAQ~1\\bin\\DISPLA~1.EXE \"-application\" \"core.hp.main/application.xml\" \"-appname\" \"eLife\""
"item"="Compaq Organize"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdTools Service]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdTools"
"hkey"="HKLM"
"command"="C:\\Program Files\\AdTools Service\\AdTools.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AGRSMMSG"
"hkey"="HKLM"
"command"="AGRSMMSG.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCMTR"
"hkey"="HKLM"
"command"="ALCMTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCWZRD"
"hkey"="HKLM"
"command"="ALCWZRD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcxMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ALCXMNTR"
"hkey"="HKLM"
"command"="ALCXMNTR.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoLoaderAproposClient]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CXTPLS~1"
"hkey"="HKLM"
"command"="\"C:\\temp\\CXTPLS~1.EXE\" /PC=CP.CDT3 /ShowLegalNote=nonbranded /ForSupportedBrowsers"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AutoUpdater]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AutoUpdate"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\AutoUpdate\\AutoUpdate.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="bargains"
"hkey"="HKLM"
"command"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dw53RhN5g]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="admppp"
"hkey"="HKCU"
"command"="admppp.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gah95on6]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="gah95on6"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\gah95on6.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hkcmd"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\hkcmd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpztsb05"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\hpztsb05.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="igfxtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\igfxtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Internet Optimizer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="optimize313"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Internet Optimizer\\optimize313.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="KBD"
"hkey"="HKLM"
"command"="C:\\HP\\KBD\\KBD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mhqhyb]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mhqhyb"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\mhqhyb.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ps2"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\ps2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Remind_XP"
"hkey"="HKLM"
"command"="\"C:\\Windows\\Creator\\Remind_XP.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\s7mT3nh]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="alriscon"
"hkey"="HKLM"
"command"="alriscon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\salm]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="salm"
"hkey"="HKLM"
"command"="c:\\temp\\salm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SNDMon"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VTTimer"
"hkey"="HKLM"
"command"="VTTimer.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Weather"
"hkey"="HKCU"
"command"="C:\\Program Files\\AWS\\WeatherBug\\Weather.exe 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WildTangent CDA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="cdaEngine0400"
"hkey"="HKLM"
"command"="RUNDLL32.exe \"C:\\Program Files\\WildTangent\\Apps\\CDA\\cdaEngine0400.dll\",cdaEngineMain"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yzdrx]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Fcrzq"
"hkey"="HKLM"
"command"="C:\\Program Files\\Yacy\\Fcrzq.exe"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Run Full System Scan - Compaq_Owner.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sun 07/30/2006 17:44:37.21
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-29.150947.txt
ComboFix.2006-07-30.174414.txt

HJT
Logfile of HijackThis v1.99.1
Scan saved at 5:46:07 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [NI.UWA6P_0001_N822M1605] "C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\QV6FYDER\WinAntiVirusPro2006FreeInstall[1].exe" -nag
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

jotti scan
C:\msnotify.com
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file

C:\msts.com
File: msts.com
Status: INFECTED/MALWARE
MD5 95cf1fe3bad63c419072e18705a6faa5
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.Adload.BU
ClamAV Found nothing
Dr.Web Found Adware.DollarRevenue
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.afo
NOD32 Found Win32/TrojanDownloader.Adload.NAI
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


C:\install64.exe
File: install64.exe
Status: INFECTED/MALWARE
MD5 704665c2e9140978e9c417d995407a77
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
AntiVir Found Trojan/Dldr.VB.afo.13
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.Adload.BU
ClamAV Found nothing
Dr.Web Found Adware.DollarRevenue
F-Prot Antivirus Found nothing
Fortinet Found W32/Adload.HO!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.afo
NOD32 Found Win32/TrojanDownloader.Adload.NAI
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing


C:\install62.exe
File: install62.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 704665c2e9140978e9c417d995407a77
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
AntiVir Found Trojan/Dldr.VB.afo.13
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.Adload.BU
ClamAV Found nothing
Dr.Web Found Adware.DollarRevenue
F-Prot Antivirus Found nothing
Fortinet Found W32/Adload.HO!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.afo
NOD32 Found Win32/TrojanDownloader.Adload.NAI
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

C:\install32.exe
File: install32.exe
Status: INFECTED/MALWARE (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 704665c2e9140978e9c417d995407a77
Packers detected: PE_PATCH.PECOMPACT, PECBUNDLE, PECOMPACT
Scanner results
AntiVir Found Trojan/Dldr.VB.afo.13
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found Trojan.Downloader.Adload.BU
ClamAV Found nothing
Dr.Web Found Adware.DollarRevenue
F-Prot Antivirus Found nothing
Fortinet Found W32/Adload.HO!tr.dldr
Kaspersky Anti-Virus Found Trojan-Downloader.Win32.VB.afo
NOD32 Found Win32/TrojanDownloader.Adload.NAI
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
Old 07-30-2006, 07:08 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


That's beginning to look better. How's your system?

CLEAR & RESET SYSTEM RESTORE'S CACHE

Go to Start >> Run - type or copy/paste control sysdm.cpl,,4 & press Enter

* Tick on the checkbox - Turn off System Restore on all drives
* Click Apply

Turn it back 'On' by unticking the same checkbox & click Apply, and then OK

---------------------------------------------------------------------------------------------

Create an uninstall list:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Open Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notepad file into your post
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-30-2006, 07:30 PM   #7 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


that was a lot easier

computer is running much better, the popups have stopped it seems and was finally able to run Norton update from the website.
Here is what you requested

Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 7.0
Agere Systems PCI Soft Modem
AOL Instant Messenger
AOL Toolbar 2.0
ArcSoft Software Suite
Battlefield 1942
CC_ccProxyExt
ccCommon
ccCommon
ccPxyCore
CleanUp!
Compaq Connections
Compaq Organize
Easy Internet Sign-up
ESPN RunTime
ewido anti-spyware 4.0
Forethought
GameSpy Arcade
GameSpy Software
Google Earth
Google Toolbar for Internet Explorer
Heavy Weapon Deluxe 1.0
Help and Support Additions
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
hp deskjet 5550 series (Remove only)
Insaniquarium Deluxe 1.0
Intel(R) Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterActual Player
Internet Worm Protection
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 6
KBD
Lavasoft VX2 Cleaner
LimeWire 4.9.37
LiveReg (Symantec Corporation)
LiveUpdate 2.7 (Symantec Corporation)
Macromedia Shockwave Player
Medal of Honor Allied Assault
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Office Standard Edition 2003
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Works 7.0
MSN
MSRedist
NAVShortcut
Nikon Message Center
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton AntiVirus 2006 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
Pacific Heroes
Panda ActiveScan
PC-Doctor for Windows
Photo Finale Viewer
PictureProject
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RealPlayer
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Sonic RecordNow!
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Yahoo! Toolbar
Old 07-30-2006, 07:44 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Ok, betty, that's good to hear....we're getting close, but I'd like to run a couple more tools based on what I've seen.

I have attached a file to this post - betty2.zip. Download this file to your desktop. Double click on the zip folder, then double click on the reg file within. Click yes to allow it to merge into your registry.

---------------------------------------------------------------------------------------------

You may want to print out these instructions for reference, since you will have to restart your computer during the fix.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Delete the following if they exist (don't worry if you can't find them):

C:\Program Files\AdTools Service
C:\Program Files\AutoUpdate
C:\Program Files\BullsEye Network
admppp.exe <<<locate via Start>Search
C:\WINDOWS\\system32\gah95on6.exe
C:\Program Files\Internet Optimizer
C:\WINDOWS\mhqhyb.exe
alriscon.exe <<<locate via Start>Search
C:\Program Files\Viewpoint
C:\Program Files\AWS
C:\Program Files\WildTangent
C:\Program Files\Yacy
C:\drwin32.exe
C:\WINDOWS\system32\2-20060511-1.exe
C:\Program Files\ornu
C:\Program Files\Common Files\mzko
C:\msnotify.com


---------------------------------------------------------------------------------------------


Once in Safe Mode, please double-click aproposfix.exe and unzip it to the desktop. Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

When the tool is finished, please reboot back into normal mode, and post the entire contents of the log.txt file in the aproposfix folder in your next reply.

Also please do this:

Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Leave the scanning options at default and press "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and post it in your next reply along with a new Hijack This log

Last edited by tetonbob; 09-19-2006 at 01:53 PM.
Old 07-31-2006, 12:04 PM   #9 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


round 3 - 2 of 3 requested logs - 3rd will be done shortly

Logfile of HijackThis v1.99.1
Scan saved at 1:01:19 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\DIGStream\digstream.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ESPNRunTime\DIGServices.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Compaq_Owner\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [InetCntrl] C:\WINDOWS\system32\InetCntrl\InetCntrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar Search - res://c:\program files\aol\aol toolbar 2.0\aoltbhtml.dll/search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Add To Compaq Organize... - C:\PROGRA~1\HEWLET~1\COMPAQ~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C97B9D9A-A22C-4BB6-A32D-FA641510A0A4}: NameServer = 209.183.175.245 209.183.175.246
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BitDefender Online Scanner

Scan report generated at: Sun, Jul 30, 2006 - 22:31:50
Scan path: C:\;D:\;E:\;F:\;H:\;I:\;J:\;K:\;

Statistics
Time: 01:09:29
Files: 576056
Folders: 7351
Boot Sectors: 3
Archives: 24613
Packed Files: 57470

Results
Identified Viruses: 7
Infected Files: 25
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 27

Engines Info
Virus Definitions: 425497
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File
Status

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29B93318.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BAD155A.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4BB03F57.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5BC25C65.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>BlackBox.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>BlackBox.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>BlackBox.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>VerifierBug.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>VerifierBug.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Dummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Dummy.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Dummy.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Beyond.class
Infected with: Java.Trojan.Exploit.Bytverify.C

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Beyond.class
Disinfection failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)=>Beyond.class
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip=>(Quarantine-2)
Updated

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\6F811118.zip
Update failed

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75221BBB.exe=>(Quarantine-2)
Infected with: Backdoor.SDBot.2E759126

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\75221BBB.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\752545B7.exe=>(Quarantine-2)
Infected with: Trojan.Downloader.TSUpdate.L

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\752545B7.exe=>(Quarantine-2)
Deleted

C:\Documents and Settings\Compaq_Owner\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Infected with: Trojan.Purityad.BP

C:\Documents and Settings\Compaq_Owner\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Disinfection failed

C:\Documents and Settings\Compaq_Owner\Desktop\OiUninstaller.exe=>(NSIS o)=>zlib_nsis0002
Deleted

C:\Documents and Settings\Compaq_Owner\Desktop\OiUninstaller.exe=>(NSIS o)
Update failed

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comexec.bat
Infected with: Trojan.Downloader.Adload.BZ

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comexec.bat
Disinfection failed

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comexec.bat
Deleted

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)
Update failed

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comsonie.exe
Infected with: Trojan.Downloader.Adload.BY

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comsonie.exe
Disinfection failed

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)=>comsonie.exe
Deleted

C:\RECYCLER\S-1-5-21-4132758413-3532774341-1170141040-500\Dc7.exe=>(RAR Sfx o)
Update failed
Old 07-31-2006, 12:35 PM   #10 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


I probably screwed this one up

Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\Compaq_Owner\Desktop\aproposfix

************



Registry entries found:


************

No service found!

Removing hidden folder:
No folder found!

Deleting files:


Backing up files:
Done!

Removing registry entries:

REGEDIT4


Done!

Finished!
Old 07-31-2006, 02:13 PM   #11 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

Forethought


---------------------------------------------------------------------------------------------


Delete the following if they exist:

C:\Program Files\Quicklinks
C:\Program Files\Forethought
C:\Program Files\EngageSidebar


---------------------------------------------------------------------------------------------

Delete the contents of this folder:

C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine

Empty your Recycle Bin.

Let me know how that goes....I think we're near done now.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 07-31-2006, 07:45 PM   #12 (permalink)
Registered User
 
Join Date: Sep 2005
Posts: 8
OS: win95


so far everything good

I did have to boot into safe mode to delete the contents of the quarantine file, though.
Old 07-31-2006, 09:50 PM   #13 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,208
OS: 2000 Pro; XP Pro; XP Home


OK, betty123, if you're happy, I'm happy.

Well done. Your logs are clean. Any more issues? If not you should be good to go. We still have a few items to address.


Reset hidden/system files and folders
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View tab.
  • Deselect the Show hidden files and folders option.
  • Select the Hide file extensions for known types option.
  • Select the Hide protected operating system files option.
  • Click Yes to confirm.
  • Click OK.

Create a new System Restore point
  • click Start >> Run - type SYSDM.CPL & press Enter
  • select the System Restore Tab
  • tick on the checkbox - "Turn off System Restore on all drives"
  • click Apply
  • then untick the same checkbox & click OK

Please ensure that you have already patched your system against the recent WMF exploit.
Go to this page to get the KB912919 patch.

Enable Windows Auto Update
  • Go to Start>Run - type wuaucpl.cpl
  • tick on the checkbox - "Keep my computer up to date"
  • Under settings, choose "Automatically download the updates, and install them on the schedule that I specify".
  • Click on "OK".

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • SpywareGuard to catch and block spyware before it can execute.
  • SPYBOT - SEARCH & DESTROY
    Download and install Spybot - Search & Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here
  • AD-AWARE
    Download and install Ad-Aware. You should use this program to scan your computer on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here
  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software

  • IE-SPYAD - IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
    • Download IE-SpyAD - Extract the contents to a new folder
      From within the folder, double-click install.bat
      Select Option #2 - Install the new IE-SPYAD list.
      Then return to the main menu.
      Select option #4 - Add the old porn sites domain


  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.


  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online antivirus scanners:

    Anti-Spyware Tutorial

    Here are two very good free Antivirus products which are available:
  • Avast!

  • AVG

If you do not have a firewall, here are 4 free ones available for personal use:


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles
If you want to fight back the Malware Writers that have made your life a misery, please take a look here and read what you can do against it.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
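
The HOSTS-file blocking described under MVPS HOST FILE above only blocks while a name points at the local machine; an entry that sends a name to any other address is a redirect, which is worth checking for in the old HOSTS file that mvps.bat renames to HOSTS.MVP. The following is an added example, not part of the post or of the MVPS package, that audits HOSTS-format text for both cases. The sample content, hostnames and addresses are constructed, and the "first entry wins" handling of duplicate names is an assumption about the resolver.

```python
import ipaddress

# Names that legitimately resolve to the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

# Constructed sample (not from the thread); 203.0.113.0/24 is a documentation range.
SAMPLE_HOSTS = """\
# blocking entries in the style described above
127.0.0.1 localhost
127.0.0.1 ads.example.com # ad server pointed at this machine
0.0.0.0 tracker.example.net banner.example.net
203.0.113.7 update.example-av.test # not loopback: name sent elsewhere
203.0.113.7 ads.example.com # duplicate of line 3
not-an-ip broken.example.org
"""


def audit_hosts(text):
    """Classify every hostname in HOSTS-format text.

    Returns a dict of lists:
      local      - (line, name) loopback names such as localhost
      blocked    - (line, name) names pointed at loopback or 0.0.0.0
      redirected - (line, name, address) names sent to any other address
      shadowed   - (line, name, address) later duplicates of an earlier name
                   (assumption: the resolver uses the first match)
      malformed  - (line, text) lines that are not "address name [name...]"
    """
    buckets = ("local", "blocked", "redirected", "shadowed", "malformed")
    report = {bucket: [] for bucket in buckets}
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not entry:
            continue
        fields = entry.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            report["malformed"].append((lineno, entry))
            continue
        if len(fields) < 2:  # an address with no hostname after it
            report["malformed"].append((lineno, entry))
            continue
        for name in (field.lower() for field in fields[1:]):
            if name in seen:
                report["shadowed"].append((lineno, name, str(addr)))
                continue
            seen.add(name)
            if addr.is_loopback or addr.is_unspecified:
                bucket = "local" if name in LOCAL_NAMES else "blocked"
                report[bucket].append((lineno, name))
            else:
                report["redirected"].append((lineno, name, str(addr)))
    return report


if __name__ == "__main__":
    for bucket, rows in audit_hosts(SAMPLE_HOSTS).items():
        print(f"{bucket}: {len(rows)}")
        for row in rows:
            print("   ", row)
```

Anything reported as redirected or shadowed deserves a manual look before the file is trusted; blocked and local entries are what a blocking HOSTS file is expected to contain.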
 





Copyright 2001 - 2009, Tech Support Forum