[paprika]

Hello,
This is my 1st time here & am very unsure what to do, I'm also fairly new to computers. I hope I don't waste your time.
I have a windows xp home edition. I recently installed Norton Internet Security, plus I have Windows Defender.
I have been having drive cleaner pop ups wanting me to install etc & other pop-ups, when I close this annoying window It also closes the page I was previously on.
My norton has detected & quarintined 1 drive cleaner but to no avail. Also norton has quarintined 8 winfixers.
I have also System Doctor 2006 pop-up.
What other info do you need in order to help me?

I really need your help
Thanking you,
Paprika

[Advertisements]

Hi paprika

Use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with windows explorer, and double click on the HijackThis.exe program to run. Choose the 'Do a system scan and save a logfile'
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

[Shaba]

Hi paprika

Use this link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with windows explorer, and double click on the HijackThis.exe program to run. Choose the 'Do a system scan and save a logfile'
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

[paprika]

Dear Shaba,
Thanks for replying so quickly, I appreciate you taking the time to help me.
I have pasted the Logfile of Hijack this for you to read, I hope i've pasted it in the right spot.
Thank you also for the easy instructions, it can get quite overwhelming at times when your a beginner.

Paprika


Logfile of HijackThis v1.99.1
Scan saved at 4:49:12 PM, on 19/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\sistray.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\KURT&S~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZRxdm428YYAU
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optima.com.au
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictu...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://msnau.oberon-...aploader_v6.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

[Shaba]

Hi

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:



5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.

[paprika]

Hi Shaba,
Is this what you need? Wow, you really do work fast...lol
Thank you,
Paprika


Adobe Reader 7.0.8
ArcSoft PhotoStudio 5.5
AT&T WorldNet Setup
BigPond ADSL SIK 5.5 Files
BigPond Toolbar
CardRd81
CC_ccProxyExt
ccCommon
CCHelp
ccPxyCore
CCScore
Cda Product Service - shared component
Clock Screen Saver
Collector's Edition 251
CR2
Disney's Arcade Frenzy
EAX Unified
ESSAdpt
ESSANUP
ESSBrwr
ESSCAM
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTUTOR
ESSvpaht
ESSvpot
FTDI USB Serial Converter Drivers
Galaxy of Games 201
GdiplusUpgrade
GraphicView 32
green label Print It 3
HijackThis 1.99.1
HLPCCTR
HLPIndex
HLPPDOCK
HLPRFO
Hoyle Board Games 4
Hoyle Card Games 3 Demo
HP Image Zone 3.5
HP PSC & OfficeJet 3.5
HP Software Update
IncrediMail Xe
Kodak EasyShare software
KSU
LG Sync
LGUsbConverterDriver
LiveUpdate 3.0 (Symantec Corporation)
Macromedia Flash Player 8
Macromedia Shockwave Player
Magentic
Microsoft .NET Framework 1.1
Microsoft Encarta Encyclopedia Standard 2005
Microsoft Money
Microsoft Photo Premium 10
Microsoft Word 2002
Microsoft Works
Microsoft Works 2005 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Monsters, Inc. Scare Island
MSRedist
My Web Search (Smiley Central)
Nero BurnRights (Ahead Software)
Nero Suite
ninemsn Internet Software
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2006
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2006 (Symantec Corporation)
Norton Protection Center
Norton WMI Update
Norton WMI Update
Notifier
OTtBP
OTtBPSDK
overland
Panda ActiveScan
PCDLNCH
PowerDVD
Project Nomads
Puzzle Master 3
QuickTime
Race Driver
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Serials 2000 7.1+
SFR
SFR2
Shockwave
Shrek 2
SiS VGA Utilities
SPBBC
SpeedTouch USB Software
The Incredibles: Rise of The Underminer
Ultimate Mahjongg
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VCAMCEN
VPRINTOL
Wanted Guns
Windows Defender
Windows Defender Signatures
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892627
Windows XP Hotfix - KB893056
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086

[Shaba]

Hi

Uninstall via add/remove programs:

My Web Search (Smiley Central)

Reboot

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

• The program will launch and then start to download the latest definition files.
  
• Once the scanner is installed and the definitions downloaded, click Next.
  
• Now click on Scan Settings
  
• In the scan settings make sure that the following are selected:
  
  o Scan using the following Anti-Virus database:
  
  + Extended (If available otherwise Standard)
  
  o Scan Options:
  
  + Scan Archives
  + Scan Mail Bases
  
  
• Click OK
  
• Now under select a target to scan select My Computer
  
• The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  
• Now click on the Save as Text button
  
• Save the file to your desktop.
  
• Copy and paste that information in your next post.

Send:

- a fresh HijackThis log
- kaspersky report

[paprika]

Hi Shaba,
Here's the fresh HighjackThis Log Plus Kaspersky Report.
What's your opinion so far, how bad is it ??
Thanks,
Paprika


Logfile of HijackThis v1.99.1
Scan saved at 1:04:56 AM, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\KURT&S~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optima.com.au
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictu...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://msnau.oberon-...aploader_v6.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe




KASPERSKY ONLINE SCANNER REPORT
Saturday, October 21, 2006 12:57:05 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 20/10/2006
Kaspersky Anti-Virus database records: 233256


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 89078
Number of viruses found 15
Number of infected objects 75 / 0
Number of suspicious objects 0
Duration of the scan process 00:49:54

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-000052.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-20_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\OLD HDD\Program Files\MSN Messenger\RICHED20.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.s skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aa skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\OLD HDD\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\WINDOWS\SYSTEM\dialersetup\Hot_Aussie-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\SYSTEM\Popular Screensavers.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\WINDOWS\TEMP\delwbi.tmp Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\nsiE0.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_3352.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_40e2.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_4384.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_61b3.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_6222.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_62f5.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_8114.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_9325.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a072.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a0b4.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a1f5.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_c145.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_d040.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_e021.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_f382.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\Temporary Internet Files\Content.IE5\2LYT2HON\x8NotifierInitialSetup1.0.0.12[1].cab/x8Setup1.exe Infected: not-a-virus:AdWare.Win32.FunWeb.e skipped

C:\OLD HDD\WINDOWS\Temporary Internet Files\Content.IE5\2LYT2HON\x8NotifierInitialSetup1.0.0.12[1].cab CAB: infected - 1 skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\209f\f437463\infopak.zip Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\209f\f437463\_bwfindx.zip Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000020.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0040NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0265NAV~.TMP Object is locked skipped

C:\Program Files\Uninstall My Web Search.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034655.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034656.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034658.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034659.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034660.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034661.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034663.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034664.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034665.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034666.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034667.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034669.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034670.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034671.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034672.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034674.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034675.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034676.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034677.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034684.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034685.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034686.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\EventCache\{E69F3D18-29C2-4B09-9442-4E4A9D89378B}.bin Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Shaba]

Hi

Not so bad; viruses are on backup directory and on system restore

Empty these folders:

C:\OLD HDD\Program Files\MyWebSearch
C:\OLD HDD\WINDOWS\TEMP\

Delete these:

C:\OLD HDD\WINDOWS\SYSTEM\dialersetup\Hot_Aussie-uninstall.exe
C:\OLD HDD\WINDOWS\SYSTEM\Popular Screensavers.scr
C:\OLD HDD\Program Files\MSN Messenger\RICHED20.DLL
C:\OLD HDD\WINDOWS\Temporary Internet Files\Content.IE5\2LYT2HON\x8NotifierInitialSetup1.0.0.12[1].cab
C:\WINDOWS\Downloaded Program Files\popcaploader.dll
C:\Program Files\Uninstall My Web Search.dll

Empty Recycle Bin

Open HijackThis, click do a system scan only and checkmark this:

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab

Close all windows including browser and press fix checked.

Reboot

Re-scan with kaspersky

Send:

- a fresh HijackThis log
- kaspersky report

[paprika]

Dear Shaba,
I am having extreme trouble with my computer. I have followed the steps of your post, but I can only send you the Kaspersky Report. My computer will not let me access Hijack this in any way that I've tried including your link from your first reply. My programs continually close when I try to access Highjackthis & I've had repeated signs such as:

-Data ExecutivePrevention
-Winlogon.exe
-Windows Genuine Advantage Notification
-Dr Watson Postmortem Debugger

Most of these say that they've encounted a problem & need to close & RE: hijack this-It says it has disabled/closed this program to protect my computer.
I'm starting to get a bit worried now Shaba, & I've run out of nails to bite..

Thanking you,
Paprika







KASPERSKY ONLINE SCANNER REPORT
Saturday, October 21, 2006 12:03:50 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/10/2006
Kaspersky Anti-Virus database records: 233515


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 88837
Number of viruses found 13
Number of infected objects 72 / 0
Number of suspicious objects 0
Duration of the scan process 00:51:22

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-000052.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-21_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{575DEEBC-D48C-4A6A-9DF7-176C975F0E03} Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\History\History.IE5\MSHist012006102120061022\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\F3REPROX.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.s skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3CJPEG.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3DTACTL.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HISTSW.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HTMLMU.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3HTTPCT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aa skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3POPSWT.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3PSSAVR.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3REPROX.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3RESTUB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3SCHMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3SCRCTR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\F3WPHOOK.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3HTML.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3OUTLCN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3PLUGIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\M3SKIN.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOEPLG.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\MWSOESTB.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\bar\2.bin\NPMYWEBS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\OLD HDD\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\Program Files\MyWebSearch\SrchAstt\2.bin\MWSSRCAS.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\OLD HDD\WINDOWS\TEMP\delwbi.tmp Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\nsiE0.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_3352.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_40e2.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_4384.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_61b3.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_6222.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_62f5.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_8114.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_9325.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a072.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a0b4.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_a1f5.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_c145.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_d040.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_e021.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\OLD HDD\WINDOWS\TEMP\wk_f382.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\Catalog\EasyShare.me Object is locked skipped

C:\Program Files\Kodak\Kodak EasyShare Software\Catalog\EasyShare.mm Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\BWKDLogs\BWTargetInf.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\cache.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chandir.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\chn.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\D0000000.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\inuse.txt Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\L0000020.FCS Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\main.log Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_die.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_dnd.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_ext.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\prs_rcv.idx Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.dat Object is locked skipped

C:\Program Files\Kodak\KODAK Software Updater\7288971\Users\Default\Data\storydb.idx Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0509NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0622NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034655.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034656.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034658.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034659.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034660.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034661.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034663.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034664.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034665.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034666.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034667.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034669.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034670.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034671.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034672.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034674.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034675.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034676.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034677.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034684.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034685.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034686.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034708.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034709.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034710.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034711.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP504\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Shaba]

Hi

Do you also have troubles deleting files?

Because you haven't deleted all files I instructed.

Delete these directories:

C:\OLD HDD\Program Files\MyWebSearch\
C:\OLD HDD\WINDOWS\TEMP\

Empty Recycle Bin

Send kaspersky report

You can also try rename HijackThis.exe to HJT.exe

Also, if problems continue, repair installation of windows might be a good idea.

[paprika]

Dear Shaba,
Sorry about those files, I hope I've done it properly this time,please let me know.
I have a new Kaspersky Report & was able to get a Highjack this log as well.
I appreciate your patience.
Thanking you,
Paprika



Logfile of HijackThis v1.99.1
Scan saved at 1:51:27 AM, on 22/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\keyhook.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bigpond.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ImInstaller_IncrediMail] C:\DOCUME~1\KURT&S~1\LOCALS~1\Temp\ImInstaller\IncrediMail\incredimail_install.exe -startup -product IncrediMail
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.optima.com.au
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://www.sonypictu...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://www.gamehouse...outLauncher.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = qld.bigpond.net.au
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe





KASPERSKY ONLINE SCANNER REPORT
Sunday, October 22, 2006 2:56:04 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 21/10/2006
Kaspersky Anti-Virus database records: 233650


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics
Total number of scanned objects 88032
Number of viruses found 13
Number of infected objects 72 / 0
Number of suspicious objects 0
Duration of the scan process 00:50:59

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\WDLog-05062006-000052.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Confid.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Content.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Privacy.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\Restrict.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\WebHist.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPAppActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\HPPHomePageActivity.log Object is locked skipped

C:\Documents and Settings\All Users\Application Data\Symantec\LiveUpdate\2006-10-22_Log.ALUSchedulerSvc.LiveUpdate Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Application Data\Symantec\PendingAlertsQueue.log Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{6610B925-40C7-4BE2-B63D-1EB547094AB3} Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\History\History.IE5\MSHist012006102220061023\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Kurt & Susanne\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\AntiSpam\Log\Spam.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped

C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped

C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVApp.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVError.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\AVVirus.log Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0248NAV~.TMP Object is locked skipped

C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0901NAV~.TMP Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034655.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034656.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034658.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034659.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034660.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.af skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034661.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034663.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034664.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034665.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034666.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034667.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034669.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034670.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034671.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034672.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034674.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034675.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.al skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034676.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP501\A0034677.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034684.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034685.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034686.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034708.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034709.scr Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034710.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP502\A0034711.dll Infected: not-a-virus:AdWare.Win32.MyWebSearch.an skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035776.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035780.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035784.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035788.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.ad skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035789.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035793.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035794.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035795.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035796.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035797.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.i skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035798.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035799.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035800.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035801.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.s skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035802.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035803.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035804.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035806.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035812.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035822.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035823.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035832.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035878.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035880.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035883.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035899.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035900.DLL Infected: not-a-virus:AdWare.Win32.FunWeb.d skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035905.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.z skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035907.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035911.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035915.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.aa skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035916.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035918.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035919.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035921.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035924.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035925.SCR Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035929.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035934.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035937.EXE Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035942.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.l skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035948.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035953.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035957.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\A0035959.DLL Infected: not-a-virus:AdWare.Win32.MyWebSearch.f skipped

C:\System Volume Information\_restore{860EC069-D570-415F-A707-6EB3907A1BD9}\RP507\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\HotWetLove-uninstall.exe Infected: not-a-virus:Dialer.Win32.gen skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

[Shaba]

Hi

Logs look good.

Do you still have any problems?

[paprika]

Hi Shaba,
Yes, am still having problems unfortunately.
I obviously don't know how to read the reports I've sent, but I was wondering why the Kaspersky says It found 13 viruses & 72/0 infected objects. How do I get rid of these risks to my computer?
I am still having some of those windows signs pop up on start up & whilst opening new pages etc. I have only started having these in the last couple of days.
Also I had another Drive cleaner pop-up a moment ago.
What can I do now??

Thanking you,
Paprika

[Shaba]

Hi

Those kaspersky findings are in system restore and can be easily cleaned according to instructions I'll give you later.

Do you get those popups also when browser (Internet explorer) is closed, in all web pages or in certain web pages?

[paprika]

Hi Shaba,
As soon as I logon I have a windows message "windows explorer has encountered a problem & needed to close" I press 'don't send', another appears,"winlogon.exe same message plus gives date & time of error. This time the 2nd sign appeared 5 times after I pressed 'don't send'.
Am now looking at my icons with background picture...
Sometimes this happens whilst incredimail is open after using your link,
The only things I've had open on my computer when these window signs & pop ups occur are
-incredimail
-your site 'Geeks to Go & the steps I have followed
-internet explorer
Sometimes when I click on an icon they all dissapear for a moment then another windows sign appears.
Earlier when I clicked on internet icon then tried to click google in favourites colum everything would dissapear again.
Does any of this make sense to you? Am finding It hard to express myself, talking is easier..sorry

Thanking you'
Paprika