ok i seem to have encountered a new prob... im unable to shut down or restart my pc from the start menu and also my pc was freezing when i tried to go into safe mode so i attempted to do it using misconfig but was given an error message that windows could not find "misconfig", sigh... anyway here is what i have :
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 7/4/2005 8:52:42 PM 1669 C:\log.txt
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
qoologic 11/23/2004 8:28:08 AM 3817 C:\WINDOWS\agango.dll
abetterinternet.com 11/23/2004 8:28:08 AM 3817 C:\WINDOWS\agango.dll
abetterinternet.com 7/6/2005 7:37:56 AM 11166 C:\WINDOWS\akaok.dll
web-nex 7/6/2005 7:37:56 AM 11166 C:\WINDOWS\akaok.dll
ad-w-a-r-e.com 7/6/2005 7:37:56 AM 11166 C:\WINDOWS\akaok.dll
UPX! 12/21/1999 6:58:02 AM 21312 C:\WINDOWS\choice.exe
PECompact2 11/26/2004 10:49:46 PM 10433602 C:\WINDOWS\LPT$VPN.265
qoologic 11/26/2004 10:49:46 PM 10433602 C:\WINDOWS\LPT$VPN.265
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 11/26/2004 10:49:46 PM 10433602 C:\WINDOWS\VPTNFILE.265
qoologic 11/26/2004 10:49:46 PM 10433602 C:\WINDOWS\VPTNFILE.265
UPX! 11/18/2004 8:41:02 AM 1036800 C:\WINDOWS\vsapi32.dll
aspack 11/18/2004 8:41:02 AM 1036800 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
PEC2 11/5/2001 2:33:50 PM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 10/11/2004 7:37:24 PM 37124 C:\WINDOWS\SYSTEM32\imsn.exe
PTech 7/12/2005 6:04:22 PM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
UPX! 1/13/2005 9:41:48 PM 11254 C:\WINDOWS\SYSTEM32\locate.com
qoologic 11/18/2004 11:32:28 AM 7293131 C:\WINDOWS\SYSTEM32\pav.sig
aspack 11/18/2004 11:32:28 AM 7293131 C:\WINDOWS\SYSTEM32\pav.sig
SAHAgent 11/18/2004 11:32:28 AM 7293131 C:\WINDOWS\SYSTEM32\pav.sig
winsync 11/18/2004 11:32:28 AM 7293131 C:\WINDOWS\SYSTEM32\pav.sig
Umonitor 8/29/2002 5:41:10 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 11/5/2001 2:35:54 PM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/21/2005 10:07:22 PM 2048 C:\WINDOWS\bootstat.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\{06C1134C-2C35-4F4D-B863-546724FE4431}.dat
SH 8/21/2005 1:23:56 PM 32 C:\WINDOWS\{08BD27CD-8E53-45BC-982E-7B65AA752BC2}.dat
SH 8/21/2005 1:10:50 PM 32 C:\WINDOWS\{2D241D3A-C1AA-4FA7-A9DB-FC3829D44743}.dat
SH 8/21/2005 1:13:12 PM 32 C:\WINDOWS\{A2F10F01-B6BA-4F9B-A6F4-D8121B956487}.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\{BCFEA568-3502-4E3D-A6DD-CDBC7D5CBDC7}.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\{FC910F33-5874-4692-8135-610CA8A8D1EA}.dat
S 8/21/2005 7:55:18 PM 64 C:\WINDOWS\CSC\00000001
S 8/21/2005 7:32:02 PM 64 C:\WINDOWS\CSC\00000002
S 8/21/2005 7:24:48 PM 64 C:\WINDOWS\CSC\csc1.tmp
H 8/19/2005 8:37:54 AM 10820 C:\WINDOWS\Help\nocontnt.GID
H 7/4/2005 11:27:58 PM 0 C:\WINDOWS\inf\oem7.inf
H 8/21/2005 8:18:00 PM 0 C:\WINDOWS\LastGood\INF\oem8.inf
H 8/21/2005 8:18:00 PM 0 C:\WINDOWS\LastGood\INF\oem8.PNF
SH 8/21/2005 1:23:56 PM 32 C:\WINDOWS\system32\{16A6084A-0BA2-44A5-B643-02951E8FCF29}.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\system32\{18688F72-0AF8-4A1E-B668-949684603AA8}.dat
SH 8/21/2005 1:10:50 PM 32 C:\WINDOWS\system32\{CBF0B777-C674-48C7-B9B9-F175CF4E905B}.dat
SH 8/21/2005 1:13:12 PM 32 C:\WINDOWS\system32\{CC9B6B51-1B03-4925-87F3-4E312065E001}.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\system32\{E3F62295-7BA0-4DDC-8C98-D4C1AAACA7EB}.dat
SH 8/21/2005 1:11:56 PM 32 C:\WINDOWS\system32\{FCDC2018-2A2D-44FC-8E45-109647CE41E3}.dat
H 8/21/2005 10:07:12 PM 8192 C:\WINDOWS\system32\config\default.LOG
H 8/21/2005 10:07:34 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
H 8/21/2005 10:07:26 PM 16384 C:\WINDOWS\system32\config\SECURITY.LOG
H 8/21/2005 10:08:34 PM 69632 C:\WINDOWS\system32\config\software.LOG
H 8/21/2005 10:07:38 PM 688128 C:\WINDOWS\system32\config\system.LOG
SH 7/4/2005 11:28:10 PM 13698 C:\WINDOWS\system32\Restore\filelist.xml
H 8/21/2005 7:55:20 PM 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 11/5/2001 2:33:38 PM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 11/5/2001 2:34:36 PM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 9:31:48 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 11/5/2001 2:34:46 PM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 11/5/2001 2:34:50 PM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 11/5/2001 2:35:04 PM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 11/5/2001 2:35:24 PM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 6/20/2001 4:34:36 PM 287232 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 11/5/2001 2:35:46 PM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 11/5/2001 2:35:46 PM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 11/5/2001 2:33:38 PM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 11/5/2001 2:34:36 PM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 5:41:28 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 11/5/2001 2:34:46 PM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 11/5/2001 2:34:50 PM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 11/5/2001 2:35:04 PM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 11/5/2001 2:35:14 PM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 11/5/2001 2:35:24 PM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 11/5/2001 2:35:46 PM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 11/5/2001 2:35:46 PM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
8/6/2005 6:41:46 PM 517 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Icatch(VI) SnapDetect.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
4/14/2005 7:55:22 PM 650 C:\Documents and Settings\Randy-n-Jamie\Start Menu\Programs\Startup\SpywareGuard.lnk
Checking files in %USERPROFILE%\Application Data folder...
1/29/2005 5:55:22 PM 875 C:\Documents and Settings\Randy-n-Jamie\Application Data\AdobeDLM.log
1/29/2005 5:55:22 PM 0 C:\Documents and Settings\Randy-n-Jamie\Application Data\dm.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{81559C35-8464-49F7-BB0E-07A383BEF910} = C:\Program Files\SpywareGuard\spywareguard.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4A368E80-174F-4872-96B5-0B27DDD11DB2}
SpywareGuardDLBLOCK.CBrowserHelper = C:\Program Files\SpywareGuard\dlprotect.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{656EC4B7-072B-4698-B504-2A414C1F0037}
IE_PopupBlocker Class = C:\Program Files\LocalNet Express 2.0\prpl_IePopupBlocker.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\MSMSGS.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Propel Accelerator "C:\Program Files\LocalNet Express 2.0\trayctl.exe" /STARTUPLAUNCH
ccApp C:\Program Files\Common Files\Symantec Shared\ccApp.exe
ccRegVfy C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
msnmsgr "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/21/2005 10:17:10 PM
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"Propel Accelerator"="\"C:\\Program Files\\LocalNet Express 2.0\\trayctl.exe\" /STARTUPLAUNCH"
"ccApp"="C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
"ccRegVfy"="C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
Icatch(VI) SnapDetect.lnk
==============================
C:\Documents and Settings\Randy-n-Jamie\Start Menu\Programs\Startup
desktop.ini
Icatch(VI) SnapDetect.lnk
desktop.ini
SpywareGuard.lnk
==============================
C:\WINDOWS\system32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wuaucpl.cpl Microsoft CorporationLogfile of HijackThis v1.99.1
Scan saved at 10:34:56 PM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\pctspk.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\Twain_32\CA561A\SnapDetect.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\LocalNet Express 2.0\PropelAC.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis.log\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;*windowsupdate.microsoft.com;*windowsupdate.com;download.microsoft.com;codecs.microsoft.com;activex.microsoft.com;<local>
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program Files\LocalNet Express 2.0\prpl_IePopupBlocker.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Propel Accelerator] "C:\Program Files\LocalNet Express 2.0\trayctl.exe" /STARTUPLAUNCH
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Icatch(VI) SnapDetect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Allow pop-ups from this site - C:\Program Files\LocalNet Express 2.0\pac-addwl.html
O8 - Extra context menu item: Refresh Pa&ge with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-page.html
O8 - Extra context menu item: Refresh Pi&cture with Full Quality - C:\Program Files\LocalNet Express 2.0\pac-image.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: PCPitstop-Tracks-Checker -
http://www1.pcpitstop.com/privacy/PCPTracks.cab
O16 - DPF: ppctlcab -
http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) -
http://www.stylist4all.com/IE20020716/save/makeover.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
http://www.icannnews.com/app/ST/ActiveX.ocx
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} -
http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120537107890
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} -
http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) -
http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {89D75D39-5531-47BA-9E4F-B346BA9C362C} (CWDL_DownLoadControl Class) -
http://www.callwave.com/include/cab/CWDL_DownLoad.CAB
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) -
http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) -
http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) -
https://www-secure.symantec.com/techsupp/activedata/SymAData.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) -
http://zone.msn.com/bingame/feed/default/SproutLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) -
http://zone.msn.com/bingame/apop/default/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) -
https://www-secure.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4519/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE64585-51A5-466F-8809-F9AC4846CB6A}: NameServer = 207.251.194.54 207.251.194.55
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Incident Status Location
Adware:adware/look2me No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\ActiveX.ocx
Adware:adware/wintools No disinfected Windows Registry
Virus:Trj/Qhost.gen Disinfected C:\WINDOWS\system32\drivers\etc\hosts.20050821-114844.backup
Hacktool:Hacktool/MSNpass.B No disinfected C:\WINDOWS\system32\imsn.exe
Security Risk:Application/ProcessorNo disinfected C:\WINDOWS\system32\Process.exe