Old 08-19-2005, 12:42 AM   #1 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


HJT - ABI Network

Logfile of HijackThis v1.99.1
Scan saved at 10:52:47 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\cmekyya.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ccyvkyd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MightyFax NT\MFNTCTL.EXE
C:\WINDOWS\wziznxp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Steve\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Mapi Dent] C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [blakowlqcapsb] C:\WINDOWS\System32\ktvuog.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [71636599.exe] C:\WINDOWS\System32\71636599.exe
O4 - HKLM\..\Run: [15746706.exe] C:\WINDOWS\System32\15746706.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe
steveb1164 is offline  

Old 08-19-2005, 01:29 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Hello and Welcome to TSF!

I just want to warn you up front that you've multiple infections here. So, please be prepared for this to take a couple of rounds. There's a fair bit of work to do & I require your assistance & patience.

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in the same directory as the HiJackThis program.

CleanUp!.exe - Install.

KillBox v2.0.0.175.zip

Nailfix.exe

Process Explorer

LQFix.zip

I need you to update Ewido again. Please go to this website - http://www.ewido.net/en/download/updates/
Download the full updated database (Approximately 3600 KB) & install it onto your copy of Ewido.

WinPfind.zip

TrackQoo.zip

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
Do not skip any parts of the fix unless it's necessary. It will affect the efficiency of the fix.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run a scan with HijackThis & locate an entry that looks similar to this...

C:\WINDOWS\system32\ccyvkyd.exe r

the filename might be different but you can identify it by the following traits:

* it resides in the system32 folder
* it has the lone alphabet "r" at the end.

take note of the filename & location.

run Process Explorer

from the list of processes, locate the file you've just identified.

right-click the file & select Suspend

leave Process Explorer running with the process suspended


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
  • name of the file you've just Suspended
  • C:\WINDOWS\Nail.exe
  • C:\WINDOWS\system32\exp.exe
  • C:\WINDOWS\system32\lplsds.exe
  • C:\WINDOWS\cmekyya.EXE
  • C:\WINDOWS\System32\syscpy.exe
  • C:\WINDOWS\System32\stcloader.exe
  • C:\WINDOWS\System32\SahAgent.exe
  • C:\WINDOWS\System32\ktvuog.exe
  • C:\WINDOWS\Belt.exe
  • C:\WINDOWS\mwsvm.exe
  • C:\WINDOWS\System32\71636599.exe
  • C:\WINDOWS\System32\15746706.exe
  • C:\WINDOWS\system32\ccyvkyd.exe
  • C:\PROGRA~1\INTERN~2\iw.exe min
  • c:\windows\SvcProc.exe
  • C:\WINDOWS\wziznxp.exe
Launch KillBox.exe
  1. Go to the File menu, and choose Paste from Clipboard
    Click the dropdown-arrow next to the Full Path of File to Delete field.
    Verify that the filenames you pasted are found in there.
  2. Select/tick the following:
    • Delete on Reboot
    • End Explorer Shell While Killing File
    • Unregister dll Before deleting * if it's not grayed out
  3. Click the RED X button.
  4. Click Yes at the Delete on Reboot prompt.
  5. Click Yes at the 'Pending Operations prompt'.
* If you receive a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • WildTangent
  • VBouncer / Virtual Bouncer
  • Clear Search
  • Search Upgrader
  • Power Scan
  • CMAPP
  • Altnet
  • Kazaa
  • Internet Washer Pro
  • WhistleSoftware

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Nailfix.exe.
Follow the instructions outlined by the setup installer.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Double click on LQFix.zip & Run LQFix.bat


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Windows Overlay Components
  2. Double-click on it to open the Properties dialog.
  3. Stop the service by using the Stop button.
  4. Change the Startup type to Disabled & then click on the OK button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [blakowlqcapsb] C:\WINDOWS\System32\ktvuog.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [71636599.exe] C:\WINDOWS\System32\71636599.exe
O4 - HKLM\..\Run: [15746706.exe] C:\WINDOWS\System32\15746706.exe
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Enable - Show hidden files and folders
  • Disable - Hide file extensions for known types
  • Disable - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folder(s), if present:
  • C:\Program Files\Internet Washer
  • C:\Program Files\Common Files\slmss\
  • C:\Program Files\WhistleSoftware\
  • C:\Program Files\CMAPP\
  • c:\program files\altnet\
  • C:\Program Files\ClearSearch\
  • C:\WINDOWS\System32\P2P Networking\
  • C:\Program Files\Power Scan\
  • C:\Program Files\Common files\SearchUpgrader
  • C:\Program Files\VBouncer\
  • C:\Program Files\WildTangent

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Ewido with its updated definitions: (...it's important that all windows must be closed)

1. Click Scanner
2. Click Complete System Scan to begin scanning.
3. Click OK when prompted to clean files
4. With the first file it prompts to clean, select the option: "Perform action on all infections"
5. Choose clean and click OK.
6. Once finished, click the Save report button
7. Save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Double-click WinPFind.zip & extract the contents to a new folder at Drive C.

1. From within that folder, double click WinPFind.exe
2. Click Start Scan
3. Once the Scan is complete, it will create a report in a text file
4. Go to the WinPFind folder & locate WinPFind.txt
5. Post the results in your next reply!

** This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop - tmas-web-scan.exe
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Extract the contents of TrackQoo.zip & double-click on TrackQoo1.vbs. Wait a few seconds and a notepad page will pop up, Copy & Paste those results in your next reply.
* If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • WinPfind
  • TrackQoo1.vbs
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
__________________

Question - what have you done for the community today?

Last edited by sUBs; 08-19-2005 at 01:32 AM.
sUBs is offline  
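
Added example (not part of sUBs's post and not HijackThis code): a Python triage pass over HijackThis log lines that applies the trait described in the post above, a Run entry whose executable sits in system32 and is followed by a lone "r" argument. Going slightly beyond that trait, it also reports two patterns that the fix list in the same post acts on: an extra program appended to Shell=Explorer.exe, and a service listed with "Unknown owner". The rule names and function names are hypothetical, and a hit is a lead for an analyst to check, not a verdict.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Sample input: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe
"""


class Finding(NamedTuple):
    rule: str     # which check fired (hypothetical rule name)
    subject: str  # Run value name, service name, or "Shell"
    detail: str   # the path or value that triggered the check


# Line formats as they appear in the log above.
O4_RUN = re.compile(r'^O4 - (?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
F2_SHELL = re.compile(r'^F2 - REG:system\.ini: Shell=(?P<value>.*)$', re.I)
O23_SVC = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# Run commands may be quoted or unquoted and may contain spaces in the path,
# so the executable is taken to end at the first executable extension.
CMDLINE = re.compile(r'^"?(?P<exe>.+?\.(?:exe|com|bat|cmd))"?(?:\s+(?P<args>.*))?$', re.I)


def split_command(cmd: str) -> Tuple[str, str]:
    """Split a Run value into (executable path, argument string)."""
    m = CMDLINE.match(cmd.strip())
    if not m:
        return cmd.strip(), ""
    return m.group("exe"), (m.group("args") or "").strip()


def triage(log_text: str) -> List[Finding]:
    """Return the log entries that match one of the three checks."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RUN.match(line)
        if m:
            exe, args = split_command(m.group("cmd"))
            # ntpath parses Windows paths regardless of the host OS.
            folder = ntpath.basename(ntpath.dirname(exe)).lower()
            # Trait from the post: file in system32, lone "r" at the end.
            if folder == "system32" and args == "r":
                findings.append(Finding("system32-lone-r", m.group("name"), exe))
            continue

        m = F2_SHELL.match(line)
        if m:
            # Anything left after removing Explorer.exe is an extra shell program.
            extra = re.sub(r'^explorer\.exe\s*', '', m.group("value").strip(), flags=re.I)
            if extra:
                findings.append(Finding("shell-extra-program", "Shell", extra))
            continue

        m = O23_SVC.match(line)
        if m and m.group("owner").strip().lower() == "unknown owner":
            findings.append(Finding("service-unknown-owner", m.group("name"), m.group("path")))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:24} {f.subject:28} {f.detail}")
```

The lone-"r" check compares the whole argument string, so `lplsds.exe reg_run` from the same log is not reported by it.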
Old 08-19-2005, 05:56 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


New Logs

It looks like it's working good. Here are the fresh logs.

TrackQoo:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Opware12"="\"C:\\Program Files\\ScanSoft\\OmniPagePro12.0\\Opware12.exe\""
"nwiz"="nwiz.exe /install"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"Mapi Dent"="C:\\PROGRA~1\\TheAxisSoftware\\Vc 64 Manager.exe"
"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"winsync"="C:\\WINDOWS\\system32\\lplsds.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda}
C:\WINDOWS\system32\jajab.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
==============================
C:\Documents and Settings\Steve\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
DESKTOP.INI
==============================
C:\WINDOWS\SYSTEM32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bdeadmin.cpl Inprise Corporation
bthprops.cpl Microsoft Corporation
conres.cpl
cpl_moh.cpl
CTDetect.cpl Creative Technology Ltd.
CTDevCtrl.cpl Creative Technology Ltd.
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
MAIN.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
NCPA.CPL Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
NWC.CPL Microsoft Corporation
odbccp32.cpl Microsoft Corporation
plugincpl131_04.cpl Sun Microsystems
powercfg.cpl Microsoft Corporation
PROSetp.cpl Intel Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation


WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
UPX! 8/18/2005 9:53:08 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
UPX! 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 7/9/2004 3:22:34 PM 143360 C:\WINDOWS\SYSTEM32\b1s.dlltmp
abetterinternet.com 12/19/2003 10:41:06 AM 131072 C:\WINDOWS\SYSTEM32\biR.exe
UPX! 12/21/2003 9:00:46 PM 224768 C:\WINDOWS\SYSTEM32\c17b6s.dll
UPX! 12/19/2003 10:41:06 AM 223232 C:\WINDOWS\SYSTEM32\c41bRs.dll
69.59.186.63 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
69.59.186.63 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
209.66.67.134 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
web-nex 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
winsync 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
PECompact2 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
69.59.186.63 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
209.66.67.134 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
web-nex 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
winsync 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
UPX! 5/1/1997 6:00:00 AM 1292288 C:\WINDOWS\SYSTEM32\TV_ENG32.DLL
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/19/2005 1:46:18 AM 2048 C:\WINDOWS\BOOTSTAT.DAT
H 6/29/2005 10:10:38 AM 0 C:\WINDOWS\INF\oem23.inf
S 7/8/2005 4:23:18 PM 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 934 AM 11437 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 7/2/2005 1:18:16 AM 9445 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 8/19/2005 1:46:06 AM 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
H 8/19/2005 2:44:08 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
H 8/19/2005 1:46:20 AM 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
H 8/19/2005 3:04:20 AM 274432 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
H 8/19/2005 2:13:54 AM 45056 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
H 8/11/2005 3:01:36 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
S 8/18/2005 2:10:54 PM 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
S 8/18/2005 2:10:54 PM 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
H 8/19/2005 1:45:14 AM 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/11/1999 11:11:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
8/18/2005 2:21:58 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
5/24/2002 10:45:48 AM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Creative Technology Ltd. 3/30/2001 1:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/17/2002 5:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel Corporation 8/16/2002 2:52:12 PM 774144 C:\WINDOWS\SYSTEM32\PROSetp.cpl
Apple Computer, Inc. 12/14/2003 10:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/30/2005 12:37:16 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
6/5/2003 8:41:38 AM 831 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
1/17/2003 11:50:28 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
2/11/2004 9:23:00 PM 768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
4/30/2005 1:11:44 PM 1596 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
4/13/2003 10:26:36 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/15/2003 11:51:34 AM 697 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
8/19/2005 1:39:14 AM 92160 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nani.exe
5/21/2003 9:54:40 AM 1852 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
4/2/2005 9:08:06 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
4/29/2005 11:01:42 PM 877 C:\Documents and Settings\Steve\Application Data\AdobeDLM.log
4/29/2005 11:01:42 PM 0 C:\Documents and Settings\Steve\Application Data\dm.ini
8/1/2005 6:56:08 PM 268 C:\Documents and Settings\Steve\Application Data\LMCPaper.dat
8/1/2005 6:56:08 PM 3932 C:\Documents and Settings\Steve\Application Data\LMLayout.dat
5/23/2003 11:18:48 PM 784 C:\Documents and Settings\Steve\Application Data\mpauth.dat
8/18/2005 2:31:22 PM 48 C:\Documents and Settings\Steve\Application Data\Sskcwrd.dll
8/18/2005 2:12:58 PM 445107 C:\Documents and Settings\Steve\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
SV1 =
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda} = C:\WINDOWS\system32\jajab.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C7A2084B-969C-439A-96E8-176BF9A93879}
WSEL Services = C:\Program Files\WhistleSoftware\WselServices\webband.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
&Research = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{B63D81CF-90DC-4D13-8782-9524A2752039} = The Fantasy Football Toolbar : C:\Program Files\The Fantasy Football Toolbar\DD8A85EA.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\SYSTEM32\communicator.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
UpdReg C:\WINDOWS\UpdReg.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Opware12 "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
nwiz nwiz.exe /install
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Mapi Dent C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
LMPDPSRV C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Desktop Weather 3 C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/19/2005 3:56:25 AM



Antispyware Log:

Started Scanning
Internet Cookies
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'SOFTWARE\TrayNotifier'
Found '' in 'SOFTWARE\Internet Washer'
Found '' in 'software\classes\CLSID\{3FECB959-1FDD-4803-850A-CA3F2859F5AB}'
Found '' in 'software\classes\CLSID\{3FECB959-1FDD-4803-850A-CA3F2859F5AB}\InprocServer32'
Found '' in 'software\classes\CLSID\{3FECB959-1FDD-4803-850A-CA3F2859F5AB}\ProgID'
Found '' in 'software\classes\CLSID\{3FECB959-1FDD-4803-850A-CA3F2859F5AB}\TypeLib'
Found '' in 'software\classes\CLSID\{3FECB959-1FDD-4803-850A-CA3F2859F5AB}\VersionIndependentProgID'
Found '' in 'software\classes\CLSID\{889395BF-F7F7-4023-B42E-6074DE380EA5}'
Found '' in 'software\classes\CLSID\{889395BF-F7F7-4023-B42E-6074DE380EA5}\InprocServer32'
Found '' in 'software\classes\CLSID\{889395BF-F7F7-4023-B42E-6074DE380EA5}\ProgID'
Found '' in 'software\classes\CLSID\{889395BF-F7F7-4023-B42E-6074DE380EA5}\TypeLib'
Found '' in 'software\classes\CLSID\{889395BF-F7F7-4023-B42E-6074DE380EA5}\VersionIndependentProgID'
Found '' in 'software\classes\CLSID\{A16E4ECF-12AA-49E2-9891-ECE57AF678B9}'
Found '' in 'software\classes\CLSID\{A16E4ECF-12AA-49E2-9891-ECE57AF678B9}\InprocServer32'
Found '' in 'software\classes\CLSID\{A16E4ECF-12AA-49E2-9891-ECE57AF678B9}\ProgID'
Found '' in 'software\classes\CLSID\{A16E4ECF-12AA-49E2-9891-ECE57AF678B9}\TypeLib'
Found '' in 'software\classes\CLSID\{A16E4ECF-12AA-49E2-9891-ECE57AF678B9}\VersionIndependentProgID'
Found '' in 'software\classes\CLSID\{C7A2084B-969C-439A-96E8-176BF9A93879}'
Found '' in 'software\classes\CLSID\{C7A2084B-969C-439A-96E8-176BF9A93879}\InprocServer32'
Found '' in 'software\classes\CLSID\{EBCF7B0E-2277-4EE4-95EE-3D542CDB8191}'
Found '' in 'software\classes\CLSID\{EBCF7B0E-2277-4EE4-95EE-3D542CDB8191}\InprocServer32'
Found '' in 'software\classes\CLSID\{EBCF7B0E-2277-4EE4-95EE-3D542CDB8191}\ProgID'
Found '' in 'software\classes\CLSID\{EBCF7B0E-2277-4EE4-95EE-3D542CDB8191}\TypeLib'
Found '' in 'software\classes\CLSID\{EBCF7B0E-2277-4EE4-95EE-3D542CDB8191}\VersionIndependentProgID'
Found '' in 'software\classes\ImcWselParser.WselParser'
Found '' in 'software\classes\ImcWselParser.WselParser.1'
Found '' in 'software\classes\ImcWselParser.WselParser.1\CLSID'
Found '' in 'software\classes\ImcWselParser.WselParser\CLSID'
Found '' in 'software\classes\ImcWselParser.WselParser\CurVer'
Found '' in 'software\classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}'
Found '' in 'software\classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\TypeLib'
Found '' in 'software\classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}'
Found '' in 'software\classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\TypeLib'
Found '' in 'software\classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}'
Found '' in 'software\classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\TypeLib'
Found '' in 'software\classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}'
Found '' in 'software\classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\TypeLib'
Found '' in 'software\classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}'
Found '' in 'software\classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\TypeLib'
Found '' in 'software\classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}'
Found '' in 'software\classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\TypeLib'
Found '' in 'software\classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}'
Found '' in 'software\classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\TypeLib'
Found '' in 'software\classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}'
Found '' in 'software\classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\TypeLib'
Found '' in 'software\classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}'
Found '' in 'software\classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\TypeLib'
Found '' in 'software\classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}'
Found '' in 'software\classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\TypeLib'
Found '' in 'software\classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}'
Found '' in 'software\classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\TypeLib'
Found '' in 'software\classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}'
Found '' in 'software\classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\TypeLib'
Found '' in 'software\classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}'
Found '' in 'software\classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\TypeLib'
Found '' in 'software\classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}'
Found '' in 'software\classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\TypeLib'
Found '' in 'software\classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}'
Found '' in 'software\classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\TypeLib'
Found '' in 'software\classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}'
Found '' in 'software\classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\ProxyStubClsid'
Found '' in 'software\classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\ProxyStubClsid32'
Found '' in 'software\classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\TypeLib'
Found '' in 'software\classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}'
Found '' in 'software\classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}\ProxyStubClsid'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StatBlaster'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Vendor\xml'
Found '' in 'SOFTWARE\Classes\Remove'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'WhistleHlprObj.WhistleHlprObj'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj'
Found '' in 'Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\HELPDIR'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Found 'data.bin' in 'C:\Program Files\Aprps'
Found 'wsuin.bat' in 'C:\Program Files\Common Files\System'
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\Lycos'
Found '' in 'C:\Program Files\Lycos\Sidesearch'
Found '' in 'C:\Program Files\Media Access'
Found '' in 'C:\Program Files\MyWay'
Found 'client.exe' in 'C:\Program Files\ParadisePoker'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'FT1_02_0_402_GEPFAH.EXE' in 'C:\WINDOWS'
Found 'Belt.inf' in 'C:\WINDOWS\INF'
Found 'biini.inf' in 'C:\WINDOWS\INF'
Found 'back.gif' in 'C:\WINDOWS\SYSTEM32'
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\SYSTEM32'
Found 'MSrev21.dll' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\Aprps\data.bin' in shortcut areas.
Checking for 'C:\Program Files\Aprps\data.bin' in startup areas.
Cleaning 'C:\Program Files\Aprps\data.bin'
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in shortcut areas.
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in startup areas.
Cleaning 'C:\Program Files\Common Files\System\wsuin.bat'
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\versions.dat'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-040924.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Found 'My Shared Folder.url' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Lycos\Sidesearch' in shortcut areas.
Checking for 'C:\Program Files\Lycos\Sidesearch' in startup areas.
Cleaning 'C:\Program Files\Lycos\Sidesearch'
[SCANMODS] The file 'C:\Program Files\Lycos\Sidesearch' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Media Access' in shortcut areas.
Checking for 'C:\Program Files\Media Access' in startup areas.
Cleaning 'C:\Program Files\Media Access'
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in shortcut areas.
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\Paradise Poker\'
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in startup areas.
Cleaning 'C:\Program Files\ParadisePoker\client.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in shortcut areas.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in startup areas.
Cleaning 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE'
Checking for 'C:\WINDOWS\INF\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\Belt.inf'
Checking for 'C:\WINDOWS\INF\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\biini.inf'
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\back.gif'
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\MSrev21.dll'
Finished Cleaning


Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:38:47 AM, 8/19/2005
+ Report-Checksum: CDEFAE02

+ Scan result:

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077460.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077461.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077462.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077463.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077464.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077465.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077466.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077467.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077468.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077469.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077470.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077471.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077472.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077473.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077474.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077475.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077478.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077479.exe -> Trojan.Zx.12 : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077482.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077483.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077484.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077485.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077487.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077488.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077489.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077490.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077491.dll -> Spyware.iLookup : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077492.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077499.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077500.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077501.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077503.exe -> Spyware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077505.exe -> Spyware.EliteBar : Cleaned with backup


::Report End


HijackThis Log (I didn't run this again after everything else; I didn't know if you wanted me to do that):

Logfile of HijackThis v1.99.1
Scan saved at 1:54:41 AM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Mapi Dent] C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: nani.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Thanks a lot for your help!
steveb1164 is offline  
Old 08-19-2005, 06:03 AM   #4 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


New Logs

This is in 2 parts. I thought everything was fine until I just got a popup for 888.com. Panda ActiveScan didn't seem to do anything. I waited 10 minutes and nothing changed, so I stopped it. I also didn't run HiJackThis again at the end. I didn't know if you wanted me to. Here are the logs.

HiJackThis:

Logfile of HijackThis v1.99.1
Scan saved at 1:54:41 AM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Steve\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Mapi Dent] C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: nani.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:38:47 AM, 8/19/2005
+ Report-Checksum: CDEFAE02

+ Scan result:

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077460.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077461.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077462.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077463.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077464.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077465.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077466.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077467.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077468.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077469.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077470.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077471.exe -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077472.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077473.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077474.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077475.dll -> TrojanDownloader.Agent.mk : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077478.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077479.exe -> Trojan.Zx.12 : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077482.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077483.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077484.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077485.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077487.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077488.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077489.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077490.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077491.dll -> Spyware.iLookup : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077492.exe -> TrojanDownloader.Agent.ro : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077499.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077500.dll -> Spyware.EliteBar : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077501.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077503.exe -> Spyware.CASClient : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077505.exe -> Spyware.EliteBar : Cleaned with backup


::Report End


Antispyware Log:

Started Scanning
Internet Cookies
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'SOFTWARE\TrayNotifier'
Found '' in 'SOFTWARE\Internet Washer'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\WselServices.WselLogServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselLogServices.1\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices.1\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices\CurVer'
Found '' in 'SOFTWARE\Classes\WselServices.WselXmlServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselXmlServices.1\CLSID'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StatBlaster'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Vendor\xml'
Found '' in 'SOFTWARE\Classes\Remove'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'WhistleHlprObj.WhistleHlprObj'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj'
Found '' in 'Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\HELPDIR'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Found 'data.bin' in 'C:\Program Files\Aprps'
Found 'wsuin.bat' in 'C:\Program Files\Common Files\System'
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\Lycos'
Found '' in 'C:\Program Files\Lycos\Sidesearch'
Found '' in 'C:\Program Files\Media Access'
Found '' in 'C:\Program Files\MyWay'
Found 'client.exe' in 'C:\Program Files\ParadisePoker'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'FT1_02_0_402_GEPFAH.EXE' in 'C:\WINDOWS'
Found 'Belt.inf' in 'C:\WINDOWS\INF'
Found 'biini.inf' in 'C:\WINDOWS\INF'
Found 'back.gif' in 'C:\WINDOWS\SYSTEM32'
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\SYSTEM32'
Found 'MSrev21.dll' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\Aprps\data.bin' in shortcut areas.
Checking for 'C:\Program Files\Aprps\data.bin' in startup areas.
Cleaning 'C:\Program Files\Aprps\data.bin'
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in shortcut areas.
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in startup areas.
Cleaning 'C:\Program Files\Common Files\System\wsuin.bat'
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\versions.dat'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-040924.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Found 'My Shared Folder.url' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Lycos\Sidesearch' in shortcut areas.
Checking for 'C:\Program Files\Lycos\Sidesearch' in startup areas.
Cleaning 'C:\Program Files\Lycos\Sidesearch'
[SCANMODS] The file 'C:\Program Files\Lycos\Sidesearch' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Media Access' in shortcut areas.
Checking for 'C:\Program Files\Media Access' in startup areas.
Cleaning 'C:\Program Files\Media Access'
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in shortcut areas.
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\Paradise Poker\'
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in startup areas.
Cleaning 'C:\Program Files\ParadisePoker\client.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in shortcut areas.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in startup areas.
Cleaning 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE'
Checking for 'C:\WINDOWS\INF\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\Belt.inf'
Checking for 'C:\WINDOWS\INF\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\biini.inf'
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\back.gif'
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\MSrev21.dll'
Finished Cleaning
steveb1164 is offline  
Old 08-19-2005, 06:07 AM   #5 (permalink)


New Logs 2

TrackQoo:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Opware12"="\"C:\\Program Files\\ScanSoft\\OmniPagePro12.0\\Opware12.exe\""
"nwiz"="nwiz.exe /install"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"Mapi Dent"="C:\\PROGRA~1\\TheAxisSoftware\\Vc 64 Manager.exe"
"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"winsync"="C:\\WINDOWS\\system32\\lplsds.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda}
C:\WINDOWS\system32\jajab.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
==============================
C:\Documents and Settings\Steve\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
DESKTOP.INI
==============================
C:\WINDOWS\SYSTEM32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bdeadmin.cpl Inprise Corporation
bthprops.cpl Microsoft Corporation
conres.cpl
cpl_moh.cpl
CTDetect.cpl Creative Technology Ltd.
CTDevCtrl.cpl Creative Technology Ltd.
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
MAIN.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
NCPA.CPL Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
NWC.CPL Microsoft Corporation
odbccp32.cpl Microsoft Corporation
plugincpl131_04.cpl Sun Microsystems
powercfg.cpl Microsoft Corporation
PROSetp.cpl Intel Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation


WinPfind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
UPX! 8/18/2005 9:53:08 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
UPX! 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 7/9/2004 3:22:34 PM 143360 C:\WINDOWS\SYSTEM32\b1s.dlltmp
abetterinternet.com 12/19/2003 10:41:06 AM 131072 C:\WINDOWS\SYSTEM32\biR.exe
UPX! 12/21/2003 9:00:46 PM 224768 C:\WINDOWS\SYSTEM32\c17b6s.dll
UPX! 12/19/2003 10:41:06 AM 223232 C:\WINDOWS\SYSTEM32\c41bRs.dll
69.59.186.63 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
69.59.186.63 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
209.66.67.134 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
web-nex 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
winsync 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
PECompact2 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
69.59.186.63 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
209.66.67.134 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
web-nex 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
winsync 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
UPX! 5/1/1997 6:00:00 AM 1292288 C:\WINDOWS\SYSTEM32\TV_ENG32.DLL
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/19/2005 1:46:18 AM 2048 C:\WINDOWS\BOOTSTAT.DAT
H 6/29/2005 10:10:38 AM 0 C:\WINDOWS\INF\oem23.inf
S 7/8/2005 4:23:18 PM 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 934 AM 11437 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 7/2/2005 1:18:16 AM 9445 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 8/19/2005 1:46:06 AM 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
H 8/19/2005 2:44:08 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
H 8/19/2005 1:46:20 AM 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
H 8/19/2005 3:04:20 AM 274432 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
H 8/19/2005 2:13:54 AM 45056 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
H 8/11/2005 3:01:36 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
S 8/18/2005 2:10:54 PM 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
S 8/18/2005 2:10:54 PM 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
H 8/19/2005 1:45:14 AM 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/11/1999 11:11:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
8/18/2005 2:21:58 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
5/24/2002 10:45:48 AM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Creative Technology Ltd. 3/30/2001 1:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/17/2002 5:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel Corporation 8/16/2002 2:52:12 PM 774144 C:\WINDOWS\SYSTEM32\PROSetp.cpl
Apple Computer, Inc. 12/14/2003 10:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/30/2005 12:37:16 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
6/5/2003 8:41:38 AM 831 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
1/17/2003 11:50:28 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
2/11/2004 9:23:00 PM 768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
4/30/2005 1:11:44 PM 1596 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
4/13/2003 10:26:36 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/15/2003 11:51:34 AM 697 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
8/19/2005 1:39:14 AM 92160 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nani.exe
5/21/2003 9:54:40 AM 1852 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
4/2/2005 9:08:06 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
4/29/2005 11:01:42 PM 877 C:\Documents and Settings\Steve\Application Data\AdobeDLM.log
4/29/2005 11:01:42 PM 0 C:\Documents and Settings\Steve\Application Data\dm.ini
8/1/2005 6:56:08 PM 268 C:\Documents and Settings\Steve\Application Data\LMCPaper.dat
8/1/2005 6:56:08 PM 3932 C:\Documents and Settings\Steve\Application Data\LMLayout.dat
5/23/2003 11:18:48 PM 784 C:\Documents and Settings\Steve\Application Data\mpauth.dat
8/18/2005 2:31:22 PM 48 C:\Documents and Settings\Steve\Application Data\Sskcwrd.dll
8/18/2005 2:12:58 PM 445107 C:\Documents and Settings\Steve\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
SV1 =
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda} = C:\WINDOWS\system32\jajab.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C7A2084B-969C-439A-96E8-176BF9A93879}
WSEL Services = C:\Program Files\WhistleSoftware\WselServices\webband.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
&Research = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{B63D81CF-90DC-4D13-8782-9524A2752039} = The Fantasy Football Toolbar : C:\Program Files\The Fantasy Football Toolbar\DD8A85EA.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\SYSTEM32\communicator.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
UpdReg C:\WINDOWS\UpdReg.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Opware12 "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
nwiz nwiz.exe /install
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Mapi Dent C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
LMPDPSRV C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Desktop Weather 3 C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/19/2005 3:56:25 AM


Thanks a lot for your help!
steveb1164 is offline  
Old 08-19-2005, 06:47 AM   #6 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


Popups

I'm still getting quite a few popups, but at least the toolbars and the top of webpage ads are gone.
steveb1164 is offline  
Old 08-19-2005, 06:57 AM   #7 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


Here's my new log.

Logfile of HijackThis v1.99.1
Scan saved at 5:50:46 AM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\MightyFax NT\MFNTCTL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Mapi Dent] C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Thanks for your help!
steveb1164 is offline  
Old 08-19-2005, 07:40 AM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,353
OS: N/A


Can you tell me more about this program - C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
What does it do?

I have attached a file to this post - regdel.txt
Download it & rename it "regdel.REG" (inclusive of the quotes)
Make sure you do not mistakenly rename it as regdel.reg.txt (double extensions)
Double-click on it & answer YES when prompted to merge into the Registry

Please save these instructions in Notepad & close your browser after that.

Whilst in Normal mode...

Have HijackThis fix these:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run




Copy the filenames listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
  • C:\WINDOWS\SYSTEM32\conres.cpl
    C:\WINDOWS\SYSTEM32\b1s.dlltmp
    C:\WINDOWS\SYSTEM32\biR.exe
    C:\WINDOWS\system32\jajab.dll
    C:\WINDOWS\SYSTEM32\c17b6s.dll
    C:\WINDOWS\SYSTEM32\c41bRs.dll
    C:\WINDOWS\SYSTEM32\datadx.dll
    C:\WINDOWS\SYSTEM32\jajab.dll
    C:\WINDOWS\SYSTEM32\ssssgss.dll
    C:\WINDOWS\SYSTEM32\TV_ENG32.DLL
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nani.exe
    C:\Documents and Settings\Steve\Application Data\Sskcwrd.dll
    C:\Documents and Settings\Steve\Application Data\Sskknwrd.dll
Launch KillBox.exe
  1. Go to the File menu, and choose Paste from Clipboard
    Click the dropdown-arrow next to the Full Path of File to Delete field.
    Verify that the filenames you pasted are found in there.
  2. Select/tick the following:
    • Replace on Reboot
    • Use Dummy
    • End Explorer Shell While Killing File
    • Unregister dll Before deleting * if it's not grayed out
  3. Click the RED X button.
  4. Click Yes at the Delete on Reboot prompt.
  5. Click Yes at the 'Pending Operations prompt'.


After you have rebooted, please try to do the Panda online scan

If that fails, perform an online scan with Internet Explorer with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    • Standard
    • Scan Options:
    • Scan Archives
      Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Do another TrendMicro Antispyware scan.

In your next reply, please include the following logs:
  • Fresh HJT log
  • Online scan's log
  • TrendMicro's log

Tell me how the machine is behaving now.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-19-2005, 06:35 PM   #9 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


New Logs

When I rebooted the computer a black DOS-looking box popped up for a few seconds and it said something about nani.exe. After running the 2 scans (couldn't get Panda to work again), I unchecked the nani.exe in msconfig under startup and rebooted. So far there haven't been any pops, but I haven't surfed much yet. I'm pretty sure the nani.exe has something to do with the problem. Almost all of the other startups are in Program Files, but nani is in Documents and Settings/All Users/Start Menu. I don't know if this matters but I run XP Pro with 2 other logins without administrative privileges.

Logfile of HijackThis v1.99.1
Scan saved at 5:25:32 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\MightyFax NT\MFNTCTL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


Antispyware:

Started Scanning
Internet Cookies
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'SOFTWARE\TrayNotifier'
Found '' in 'SOFTWARE\Internet Washer'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StatBlaster'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Vendor\xml'
Found '' in 'SOFTWARE\Classes\Remove'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'WhistleHlprObj.WhistleHlprObj'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj'
Found '' in 'Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\HELPDIR'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Found 'data.bin' in 'C:\Program Files\Aprps'
Found 'wsuin.bat' in 'C:\Program Files\Common Files\System'
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\Lycos'
Found '' in 'C:\Program Files\Lycos\Sidesearch'
Found '' in 'C:\Program Files\Media Access'
Found '' in 'C:\Program Files\MyWay'
Found 'client.exe' in 'C:\Program Files\ParadisePoker'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'FT1_02_0_402_GEPFAH.EXE' in 'C:\WINDOWS'
Found 'Belt.inf' in 'C:\WINDOWS\INF'
Found 'biini.inf' in 'C:\WINDOWS\INF'
Found 'back.gif' in 'C:\WINDOWS\SYSTEM32'
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\SYSTEM32'
Found 'MSrev21.dll' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\Aprps\data.bin' in shortcut areas.
Checking for 'C:\Program Files\Aprps\data.bin' in startup areas.
Cleaning 'C:\Program Files\Aprps\data.bin'
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in shortcut areas.
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in startup areas.
Cleaning 'C:\Program Files\Common Files\System\wsuin.bat'
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\versions.dat'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-040924.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Found 'My Shared Folder.url' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Lycos\Sidesearch' in shortcut areas.
Checking for 'C:\Program Files\Lycos\Sidesearch' in startup areas.
Cleaning 'C:\Program Files\Lycos\Sidesearch'
[SCANMODS] The file 'C:\Program Files\Lycos\Sidesearch' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Media Access' in shortcut areas.
Checking for 'C:\Program Files\Media Access' in startup areas.
Cleaning 'C:\Program Files\Media Access'
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in shortcut areas.
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\Paradise Poker\'
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in startup areas.
Cleaning 'C:\Program Files\ParadisePoker\client.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in shortcut areas.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in startup areas.
Cleaning 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE'
Checking for 'C:\WINDOWS\INF\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\Belt.inf'
Checking for 'C:\WINDOWS\INF\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\biini.inf'
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\back.gif'
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\MSrev21.dll'
Finished Cleaning
steveb1164 is offline  
Old 08-19-2005, 06:37 PM   #10 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


Kaspersky log

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Friday, August 19, 2005 16:07:11
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 19/08/2005
Kaspersky Anti-Virus database records: 136062
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 92233
Number of viruses found: 21
Number of infected objects: 669
Number of suspicious objects: 0
Duration of the scan process: 6173 sec

Infected Object Name - Virus Name
C:\Program Files\Norton AntiVirus\Quarantine\30FC5AB4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31002CB8 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31035902 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31051F3B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\310A2CFB Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\311000F3 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\311D28E5 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31247CDE Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\312A50D7 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\313124CF Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\313B22C5 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\313E4A74 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\314176BD Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\314B74B3 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\3152465E Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\315248AB Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31581CA4 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31621A99 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\316C188F Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31726C88 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\317C6A7D Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31866625 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31866872 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\318C3C6B Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31931064 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\319A3C50 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31A03855 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31A70C4E Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31AE383B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31B43440 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31BA0838 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31C4062E Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31CB5A26 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31D12E1F Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31D80218 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31E1000D Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31E85406 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31EE27FF Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\31EF7FF3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\31F825F4 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\320223E9 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\320C21DF Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\321275D7 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\321949D0 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\321A100A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\322347C5 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32291BBE Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\322E0BF4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\32306FB7 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\323643B0 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\324041A5 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\324A3F9A Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32543D90 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\325A1188 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32616581 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\326B6376 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\3271376F Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\327B3564 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\3285335A Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\328E314F Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32950548 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32965824 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\32A62A12/[From <big@boss.com>][Date Thu, 29 May 2003 1:43:37 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\32A62A12 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\32A90132 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32AF552B Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\32B77C00/[From <big@boss.com>][Date Thu, 29 May 2003 1:43:40 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\32B77C00 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\34EC1556 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\359F1A91 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\35B60173 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\35D7254F Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\35FB7328 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\35FD549E Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\366008B9 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\36AB4E66 Infected: Email-Worm.Win32.Gibe.b
C:\Program Files\Norton AntiVirus\Quarantine\37035521/[From <big@boss.com>][Date Fri, 8 Aug 2003 22:27:08 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\37035521 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\37405310 Infected: Trojan-Downloader.Win32.Agent.oa
C:\Program Files\Norton AntiVirus\Quarantine\37613516 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\378258F2 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\38495A17/[From <big@boss.com>][Date Sun, 27 Jul 2003 2:35:24 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\38495A17 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\38560209/[From <big@boss.com>][Date Sun, 27 Jul 2003 2:35:26 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\38560209 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\387D79DE Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3A9B48F3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3BB463BE Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3CAB3A5C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3D461004 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3E6F7CBD Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3E7665F5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3E8378A7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3F5B60F9 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\3FDD20AF Infected: Net-Worm.Win32.Mytob.be
C:\Program Files\Norton AntiVirus\Quarantine\428711E7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\42A835C3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\42FD7D41/[From <big@boss.com>][Date Sun, 25 May 2003 11:56:16 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\42FD7D41 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\43442E5D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\43795F88 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\43932F6B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\43B45347 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\43DE4E49/[From <big@boss.com>][Date Sun, 25 May 2003 11:56:18 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\43DE4E49 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\453506D0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\454B4222 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\46516103 Infected: Email-Worm.Win32.Sobig.b
C:\Program Files\Norton AntiVirus\Quarantine\46815CF5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\46B34C97 Infected: Email-Worm.Win32.Sobig.b
C:\Program Files\Norton AntiVirus\Quarantine\470B440D/[From <big@boss.com>][Date Sun, 22 Jun 2003 0:43:52 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\470B440D Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\471F3FF8/[From <big@boss.com>][Date Sun, 22 Jun 2003 0:43:54 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\471F3FF8 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\474D0BC5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\475D5DB3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4792349D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\479E256C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\47B86B77 Infected: Email-Worm.Win32.Sobig.b
C:\Program Files\Norton AntiVirus\Quarantine\47DC3950 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\485E48C0 Infected: Email-Worm.Win32.Sobig.b
C:\Program Files\Norton AntiVirus\Quarantine\488C148E Infected: Email-Worm.Win32.Sobig.b
C:\Program Files\Norton AntiVirus\Quarantine\494A2195 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\499C3B3B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\49A52F59 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\49D33847 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\49D45161 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\49DA58F7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\49FF71CA Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4A05472B/[From <big@boss.com>][Date Tue, 22 Jul 2003 15:58:39 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4A05472B Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4A140E07 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4A151919/[From <big@boss.com>][Date Tue, 22 Jul 2003 15:58:40 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4A151919 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4A2A139C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4AAB5811 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4ADB542E Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4ADC12DB Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4B5B784F Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4B9A1D6E/[From <big@boss.com>][Date Tue, 22 Jul 2003 21:02:29 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4B9A1D6E Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4BAA6F5C/[From <big@boss.com>][Date Tue, 22 Jul 2003 21:02:30 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4BAA6F5C Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4BF52DA6/[From <big@boss.com>][Date Thu, 29 May 2003 9:39:49 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4BF52DA6 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4C0177A8 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4C1D50E1 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\4C217ADD Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\4C7E0BCF Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4D0B25D7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4D3946FA Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4E080B6C Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\4E6A7700/[From <big@boss.com>][Date Sun, 6 Jul 2003 20:18:07 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4E6A7700 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4E771EF2/[From <big@boss.com>][Date Sun, 6 Jul 2003 20:18:08 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4E771EF2 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\4E9418D2 Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\4EBF14E4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\4FAD339D Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\500C7534/[From <big@boss.com>][Date Sun, 6 Jul 2003 20:18:07 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\500C7534 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\50191D26/[From <big@boss.com>][Date Sun, 6 Jul 2003 20:18:08 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\50191D26 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\501D3B8F Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\50361706 Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\51411A8A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\51574071 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5168125F Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\52F406A7.class Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\54140C8B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5431066B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\54734E23 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\54BB1A7A/[From <big@boss.com>][Date Wed, 30 Jul 2003 20:17:57 --0500]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\54BB1A7A Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\55457DE3/[From <big@boss.com>][Date Wed, 30 Jul 2003 23:49:14 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\55457DE3 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\55554FD1/[From <big@boss.com>][Date Wed, 30 Jul 2003 23:49:16 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\55554FD1 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5571723C/[From <big@boss.com>][Date Wed, 18 Jun 2003 23:30:56 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5571723C Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\56477DD9 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\56B555A7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\56C62A09/[From <big@boss.com>][Date Wed, 28 May 2003 10:01:44 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\56C62A09 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\57116F8C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\58233689 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\582F5C06 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\58470FA0/[From <big@boss.com>][Date Sun, 29 Jun 2003 0:20:34 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\58470FA0 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\585A0B8A/[From <big@boss.com>][Date Sun, 29 Jun 2003 0:20:36 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\585A0B8A Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5878056A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\58982946 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\58D63437 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\59BF35C5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5CB1435B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5CC21549 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5D1C0617 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5D474755 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5DED3252 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5E045839 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5E0F4FDB Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5E185423 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5E49439A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5E973997/[From <big@boss.com>][Date Wed, 6 Aug 2003 10:18:12 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5E973997 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5EA155D8 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\5EA70B85/[From <big@boss.com>][Date Wed, 6 Aug 2003 10:18:10 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5EA70B85 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5EC46F15 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\5FA648B8/[From <big@boss.com>][Date Mon, 16 Jun 2003 23:12:04 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\5FA648B8 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\61EF5B58 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\626F19D1/[From <big@boss.com>][Date Wed, 21 May 2003 23:35:40 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\626F19D1 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\64924FD6 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\64B878D5/[From <big@boss.com>][Date Fri, 8 Aug 2003 22:27:08 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\64B878D5 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\64CF1EBC/[From <big@boss.com>][Date Fri, 8 Aug 2003 22:27:10 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\64CF1EBC Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6512354A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\65295B31 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\658871F4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\659B6DDE Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\65A815D0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\65C21088 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\66075768/[From <big@boss.com>][Date Wed, 6 Aug 2003 10:18:12 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\66075768 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\66147F5A/[From <big@boss.com>][Date Wed, 6 Aug 2003 10:18:10 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\66147F5A Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\66EF6EB4/[From <big@boss.com>][Date Mon, 16 Jun 2003 23:12:05 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\66EF6EB4 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\67127516 Infected: Email-Worm.Win32.Sobig.d
C:\Program Files\Norton AntiVirus\Quarantine\671F1D08 Infected: Email-Worm.Win32.Sobig.d
C:\Program Files\Norton AntiVirus\Quarantine\673D16E7 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\677A737E Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\67AB6948 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\680D54DC Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\681F62D8 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\684B0317 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\69117A3B Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\692919A4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\693F4608 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\69521A14 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\69524D86 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6968736D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6985313F/[From <big@boss.com>][Date Tue, 24 Jun 2003 14:32:34 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6985313F Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6995032D/[From <big@boss.com>][Date Tue, 24 Jun 2003 14:32:36 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6995032D Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\699E07A0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6AF021BE Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6B0747A5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6B0F4E90 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\6B1F61F8 Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\6B403946/[From <big@boss.com>][Date Sat, 5 Jul 2003 9:32:35 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6B403946 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6BA503AE/[From <big@boss.com>][Date Thu, 22 May 2003 0:12:25 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6BA503AE Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6C8C1887 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6CD43438 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6D152F62/[From <big@boss.com>][Date Sat, 14 Jun 2003 6:59:09 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6D152F62 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6D1825ED Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6D250150/[From <big@boss.com>][Date Sat, 14 Jun 2003 6:59:10 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6D250150 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DAA6593/[From <big@boss.com>][Date Wed, 18 Jun 2003 23:30:56 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DAA6593 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DAE64B9 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6DBB3781/[From <big@boss.com>][Date Wed, 18 Jun 2003 23:30:58 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DBB3781 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DC50AA0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6DD03074/[From <big@boss.com>][Date Sat, 5 Jul 2003 9:32:37 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DD03074 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6DF6006A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6E0A60C3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6E5637AA/[From <big@boss.com>][Date Sun, 10 Aug 2003 1327 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E5637AA Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E660998/[From <big@boss.com>][Date Sun, 10 Aug 2003 1325 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E660998 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E915DA0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6EA12F8E Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6F211502 Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\6F5736E6 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6F6708D4 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6F8B56AD Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6FB01A2D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6FC74014 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\6FD466CA Infected: Email-Worm.Win32.Sobig.e
C:\Program Files\Norton AntiVirus\Quarantine\70B843C8 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\70CC3FB2 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\70E60F95 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\70EE2487 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\71022071 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\71090708 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\712356EC Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\715D2142 Infected: Email-Worm.Win32.Sobig.f
C:\Program Files\Norton AntiVirus\Quarantine\71624B0D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\71721CFB Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\718618E5 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\71966AD3 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\71F16FCF/[From <big@boss.com>][Date Tue, 3 Jun 2003 21:49:03 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\71F16FCF Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\720815B6/[From <big@boss.com>][Date Tue, 3 Jun 2003 21:49:05 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\720815B6 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\728E4A0B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7291791F Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\72C73A72 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\72CC6CDE Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\72DD516C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\72F60EB0 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73245A7D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73285217 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73385668 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\733F2549 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73482856 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73522134 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\73791E20 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\738D1A0A Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\739D6BF8/[From <big@boss.com>][Date Wed, 4 Jun 2003 20:46:03 --0400]/Untitled1.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\739D6BF8 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\73AD3DE6/[From <big@boss.com>][Date Wed, 4 Jun 2003 20:46:07 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\73AD3DE6 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\74C07FA1 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\77221FC6 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\773945AD Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\77466611/[From <big@boss.com>][Date Tue, 1 Jul 2003 20:17:16 --0400]/Document003.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\77466611 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\7749179B Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\783E648D Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7AF32206/[From <big@boss.com>][Date Tue, 1 Jul 2003 20:17:18 --0400]/Movie_0074.mpeg.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\7AF32206 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\7B2741CD Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7B2833C1 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7C414E8C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7CC40391 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7CDE5374 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7D3D150C Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7D5010F6 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7E5C5439 Infected: Email-Worm.Win32.Klez.h
C:\Program Files\Norton AntiVirus\Quarantine\7FE4028A Infected: Email-Worm.Win32.Klez.h
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0076928.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0076934.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0076941.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0076943.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077496.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077502.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077511.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077553.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077554.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077571.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077576.exe Infected: Trojan.Win32.Stervis.d
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077640.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077750.exe Infected: Trojan-Dropper.Win32.Agent.og
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077752.dll Infected: Trojan-Dropper.Win32.Agent.of
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077753.dll Infected: Trojan-Dropper.Win32.Agent.of
C:\WINDOWS\SYSTEM32\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\SYSTEM32\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\SYSTEM32\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh

Scan process completed.
steveb1164 is offline  
Old 08-19-2005, 10:30 PM   #11 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
sUBs
Join Date: May 2005
Posts: 24,353
OS: N/A


Yes.. nani.exe is malware. We removed it during the last pass. It left an orphaned registry entry & you disabled it using msconfig.

Kaspersky's found a lot of infected files from Norton's quarantine folder. Please empty the quarantine folder.

Locate and delete the following file/folder:
  • C:\Program Files\Aprps\ >> folder
  • C:\WINDOWS\SYSTEM32\GSM3-0511.exe >> file

Reboot and post a fresh HJT log.

I would like to know if the computer is still giving you any problems.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 08-19-2005, 11:37 PM   #12 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


Everything seems to be running smooth although a little slow since I activated all the startup items for this project. Usually I disable all of the startup items. Is this ok to do?

Logfile of HijackThis v1.99.1
Scan saved at 10:32:33 PM, on 8/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\HJT\HijackThis.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\MightyFax NT\MFNTCTL.EXE
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\WinZip\WZQKPICK.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
steveb1164 is offline  
Old 08-19-2005, 11:47 PM   #13 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
sUBs
Join Date: May 2005
Posts: 24,353
OS: N/A


Jump for joy like this little fella here -> Your system is clean

You may disable all the startup items you do not require. Just keep the Norton's real time scanner running.

Now that your system is clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Clear & reset System Restore's cache
    • click Start >> Run - type SYSDM.CPL & press Enter
    • Select the System Restore Tab
    • Tick on the checkbox - Turn off System Restore on all drives
    • Click Apply
    • Then untick the same checkbox & click OK

  2. Disable the viewing of Hidden files
    From Windows Explorer, go to Tools>Folder Options> View tab.
    • Enable - Show hidden files and folder
    • Disable - Hide file extensions for known types
    • Disable - Hide protected operating system files
    Click Yes to confirm & then click OK

  3. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.

  4. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources

  5. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  6. Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls

  7. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  8. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  9. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  10. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  11. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will further enhance your safety
  • IE/Spyad - IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.

  • MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.

  • Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.

  • Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.

  • Google Toolbar - Get the free google toolbar to help stop pop up windows.

  • CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • Winpatrol - Download and install the free version of Winpatrol.
    A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

After doing all these, your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.

Please respond to this thread one more time so we can mark this thread as resolved.
__________________

Question - what have you done for the community today?
sUBs is offline  
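
The cleanup steps in posts #11 and #13 follow from where each detection in the Kaspersky report sits on disk. As an added example (not part of the thread), this script groups report lines by location and pairs each group with the step the helper gave; the function names and action wording are assumptions, and the sample lines are copied from the report posted above.

```python
import re

# Sample input: a few lines copied from the scan report in this thread.
SAMPLE_REPORT = r"""
C:\Program Files\Norton AntiVirus\Quarantine\6E660998/[From <big@boss.com>][Date Sun, 10 Aug 2003 1325 --0400]/Sample.pif Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E660998 Infected: Email-Worm.Win32.Sobig.a
C:\Program Files\Norton AntiVirus\Quarantine\6E915DA0 Infected: Email-Worm.Win32.Klez.h
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0076928.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077502.dll Infected: Trojan.Win32.Agent.db
C:\WINDOWS\SYSTEM32\GSM3-0511.exe/data0002 Infected: Trojan.Win32.Registrator.b
C:\WINDOWS\SYSTEM32\GSM3-0511.exe/data0003 Infected: Trojan-Downloader.Win32.Small.ayh
C:\WINDOWS\SYSTEM32\GSM3-0511.exe Infected: Trojan-Downloader.Win32.Small.ayh

Scan process completed.
"""

# "<object> Infected: <detection name>"; the object path may contain spaces.
LINE_RE = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<name>\S+)$")

# Step the helper gave for each location (wording paraphrased from the posts).
ACTIONS = {
    "quarantine": "Empty the Norton quarantine folder",
    "system_restore": "Turn System Restore off and on again to clear restore points",
    "live": "Delete the file, reboot and post a fresh log",
}


def classify(container):
    """Bucket a file by where it sits on disk."""
    path = container.lower()  # Windows paths are case-insensitive
    if "\\norton antivirus\\quarantine\\" in path:
        return "quarantine"      # copies already isolated by the antivirus
    if "\\system volume information\\_restore{" in path:
        return "system_restore"  # copies saved inside restore points
    return "live"                # still on the normal filesystem


def triage(report):
    """Return {bucket: {file on disk: set of detection names}}."""
    findings = {}
    for line in report.splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            continue  # blank lines, "Scan process completed." and similar
        # The scanner reports objects embedded in a file as "file/inner",
        # so everything before the first "/" is the file that exists on disk.
        container = match.group("obj").split("/", 1)[0]
        bucket = findings.setdefault(classify(container), {})
        bucket.setdefault(container, set()).add(match.group("name"))
    return findings


def summary(findings):
    """One line per bucket: file count and the matching cleanup step."""
    return [
        f"{bucket}: {len(files)} file(s) -> {ACTIONS[bucket]}"
        for bucket, files in sorted(findings.items())
    ]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for line in summary(result):
        print(line)
    for path, names in result.get("live", {}).items():
        print("live:", path, sorted(names))
```

Counting files on disk rather than report lines keeps embedded objects (the `.pif` attachments, `data0002`) from inflating the totals.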
Old 08-20-2005, 12:12 AM   #14 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


Thanks so much for your help. I just donated $20 to the forum. When this problem happened I renewed my subscription to Norton, before that I didn't have anti-virus software running. Learned that the hard way! They automatically update their virus definitions, don't they? Also, my computer is set for the automatic Windows Update. Do I still need to check the website? I'm not sure if I have a firewall or not. I'll check into that. Thanks again, and this thread is closed!!
steveb1164 is offline  
Old 08-20-2005, 01:53 AM   #15 (permalink)
Moderator, Microsoft Support
POADB
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,481
OS: XP SP2


SP2 comes with a firewall. If you have Automatic Updates enabled, there is no need to check the website.
POADB is offline  
All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum