Slow Computer and Spamming


  • This topic is locked

#16
Gambro

  • Topic Starter
  • Member
  • 37 posts
Middie
I rechecked all my settings as you suggested (twice!) and ensured they were set properly. However, after I rebooted into safe mode and tried to get into the folder:
C:\Documents and Settings\Kari\Application Data\

it would not allow me access (I also have admin rights)... What could be causing this?


I ran AVG again in safe mode and here is the report:
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:04:54 AM 16/11/2006

+ Scan result:



C:\Documents and Settings\Kari\Application Data\Hotbar -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\IESkins -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\Wallpaper -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\Wallpaper\070304Fun007_wp.jpg -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\033102bigangry_1_em.htm -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\033102bigangry_1_prv.gif -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\042702_2440_759_em.htm -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\042702_2440_759_prv.gif -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\060104_emm6_em.htm -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\060104_emm6_prv.gif -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\FileManager.txt -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin\empty_bg_st.htm -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\reports.txt -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static\1 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1007832.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1019562.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1022909.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1022989.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1046923.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055531.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055669.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055681.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056174.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056194.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056449.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056880.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1058163.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1059014.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1059682.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1063425.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065003.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065138.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1067059.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1067179.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1067235.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070500.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1070579.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1076239.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1093156.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1158870.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1214530.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1271868.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1272086.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1298417.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\134312.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\136241.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\137709.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383392.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383421.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383582.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383704.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383728.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385418.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385437.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385459.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385562.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386887.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387576.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387587.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388311.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388378.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388702.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1389132.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1389690.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390234.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1391027.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1399444.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400989.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401872.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401897.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402096.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402321.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402442.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402683.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1409567.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1418656.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1418750.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\141959.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1420235.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\153438.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\16026.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1673001.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\1809989.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\187725.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\208827.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\2208946.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\2284377.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\230769.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\2451.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\274305.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\2841361.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\2875527.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\333164.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\34146.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\341650.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\350103.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\353951.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\392286.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\400189.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\427587.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\43530.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\507061.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\514531.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\541483.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\5635.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\569709.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\575671.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\635152.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\636801.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\639984.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\671709.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\716690.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\731481.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\751710.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\786399.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\788843.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\804556.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\819382.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\823114.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\824121.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\839405.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\869818.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\877979.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\880604.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\903707.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\905181.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\923880.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\939171.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\957414.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\980267.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\98608.sdf -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1062 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10807 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11149 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11213 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12776 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13099 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1337 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13371 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13546 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13617 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1369 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1372 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13863 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14207 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1424 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14575 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14633 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14640 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14643 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1491 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15040 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1509 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15090 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15198 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15200 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15202 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15541 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16072 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16087 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16173 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17138 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17301 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18035 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1810 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18676 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18730 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19052 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19286 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19288 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19650 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1966 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19803 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20106 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20128 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2021 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\202699 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20299 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20517 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20613 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20935 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20970 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21017 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21189 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21218 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21889 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22094 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22458 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23066 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\233324 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\237756 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23923 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24875 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24996 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25405 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25509 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25540 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25839 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25869 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26082 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26106 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26245 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26247 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26272 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26336 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26340 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27419 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27515 -> Adware.HotBar : No action taken.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28062 -> Adware.HotBar : No action taken.

#17
Middie042

  • Member
  • 382 posts
Hi Gambro,

Yes, thanks for checking and double checking those AVG A/S settings. I saw in your first post how it did work to quarantine a couple files. But we are having some difficulties.

Let's give this a go to rid us of Hotbar. Then we can move on.

Be sure you are logged in as the Administrator on the computer with Administrator rights. Print these out for reference.
  • I want you to uninstall the current AVG AntiSpyware, and confirm you have also deleted the prior EWIDO. Please make sure this is uninstalled for Every user on the computer.
    We will re-install it for just one user with Administrator privileges.
  • Reboot
  • Next download AVG Anti-Spyware from HERE and save that file to your desktop.
    • This is a 30 day trial of the program
    • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
      • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
    Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.

  • Please download the Killbox by Option^Explicit.

    Note: In the event you already have Killbox, this is a new version that I need you to download.
    • Save it to your desktop.
    • Please double-click Killbox.exe to run it.
    • Select:
      • Delete on Reboot
      • then Click on the All Files button.
    • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

      C:\Documents and Settings\Kari\Application Data\Hotbar\
    • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
    • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
    If your computer does not restart automatically, please restart it manually.

    If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.
  • Reboot into Safe Mode: You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
    • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.
Regards,



Middie042
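
The report saved in the last step holds one `path -> detection : action` line per item. As an added example (not part of the original post and not AVG Anti-Spyware's own tooling), this Python sketch tallies such a report by action and groups the items that were not cleaned by folder, so it is clear what still needs attention. The sample report is constructed in that format, and the function names are hypothetical.

```python
import ntpath
import re
from collections import Counter, namedtuple

Finding = namedtuple("Finding", "path detection action")

# One result line: "<path> -> <detection> : <action>."
# Paths contain spaces, so the path is everything before " -> ".
RESULT_RE = re.compile(
    r"^(?P<path>.+) -> (?P<detection>\S+) : (?P<action>.+?)\.?\s*$"
)
# A line that starts like a Windows path but is not a full result line
# (for example a report cut off mid-line when it was pasted).
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")

# Constructed sample in the report's format; the paths are placeholders.
SAMPLE_REPORT = r"""
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: (constructed sample)

+ Scan result:

C:\Documents and Settings\User\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Application Data\Hotbar\eskin -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\User\Application Data\Hotbar\eskin\sample_em.htm -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\User\Application Data\Hotbar\eskin\sample_prv.gif -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\User\Application Data\Hotbar\notes.txt -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\User\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12345 -> Adware.HotBar : No action taken.
C:\Doc
"""


def parse_report(text):
    """Return (findings, truncated): parsed result lines and cut-off path lines."""
    findings, truncated = [], []
    for raw in text.splitlines():
        line = raw.strip()
        match = RESULT_RE.match(line)
        if match:
            findings.append(
                Finding(match["path"], match["detection"], match["action"])
            )
        elif DRIVE_RE.match(line):
            truncated.append(line)
        # Headers, separators and blank lines are ignored.
    return findings, truncated


def action_counts(findings):
    """Count findings per action string."""
    return Counter(f.action for f in findings)


def unresolved(findings):
    """Findings not reported as cleaned.

    Assumption: any action that does not start with "Cleaned" needs follow-up.
    """
    return [f for f in findings if not f.action.startswith("Cleaned")]


def unresolved_by_folder(findings):
    """Count unresolved findings per parent folder (Windows path rules)."""
    return Counter(ntpath.dirname(f.path) for f in unresolved(findings))


if __name__ == "__main__":
    found, cut_off = parse_report(SAMPLE_REPORT)
    for action, count in action_counts(found).most_common():
        print(f"{count:4d}  {action}")
    print("Unresolved items per folder:")
    for folder, count in unresolved_by_folder(found).most_common():
        print(f"{count:4d}  {folder}")
    if cut_off:
        print(f"{len(cut_off)} line(s) look truncated; the report may be incomplete.")
```
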

#18
Gambro

  • Topic Starter
  • Member
  • 37 posts
Middie
I did what you said re: removing and re-installing the AVG software, then ran Killbox (and I did receive a "PendingFileRenameOperations" error message)....

I re-ran AVG in safe mode and here's the log file - I had to manually delete every item as it kept coming up with an error message...looked like some were cleaned and others not:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 7:25:57 AM 18/11/2006

+ Scan result:



C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\427587.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\43530.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\507061.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\514531.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\541483.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\5635.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\569709.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\575671.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\635152.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\636801.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\639984.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\671709.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\716690.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\731481.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\751710.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\786399.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\788843.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\804556.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\819382.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\823114.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\824121.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\839405.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\869818.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\877979.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\880604.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\903707.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\905181.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\923880.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\939171.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\957414.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\980267.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\98608.sdf -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1062 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10807 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11149 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11213 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12776 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13099 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1337 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13371 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13546 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13617 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1369 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1372 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13863 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14207 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1424 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14575 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14633 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14640 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\14643 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1491 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15040 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1509 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15090 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15198 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15200 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15202 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15541 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16072 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16087 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\16173 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17138 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17301 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18035 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1810 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18676 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18730 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19052 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19286 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19288 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19650 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1966 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19803 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20106 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20128 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2021 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\202699 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20299 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20517 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20613 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20935 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20970 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21017 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21189 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21218 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21889 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22094 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22458 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23066 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\233324 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\237756 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\23923 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24875 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24996 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25405 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25509 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25540 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25839 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25869 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26082 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26106 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26245 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26247 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26272 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26336 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26340 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27414 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27419 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27515 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28062 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28383 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\28812 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29115 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29127 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29532 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29536 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\297534 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\30455 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\30458 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31157 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31262 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31301 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31331 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31409 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\31956 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32024 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32137 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32242 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32547 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32676 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32812 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32830 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32851 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32883 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33069 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\3332 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\3338 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33697 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33710 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34120 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34134 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34162 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34186 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34374 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34706 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35000 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35150 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35155 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\352 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35554 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35804 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36071 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36072 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36079 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36575 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\3659 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36598 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\366238 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36834 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36837 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36844 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36847 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36971 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\37509 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\37933 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\3796 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\37999 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\38048 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\38123 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\38868 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39072 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39245 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39632 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39896 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\39897 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\402844 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\40999 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41215 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41225 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41273 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41364 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4142 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41421 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41499 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41507 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41533 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4157 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41578 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41588 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41641 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41731 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41910 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\42208 -> Adware.HotBar : Error during cleaning.
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\4226 -> Adware.HotBar : Error during cleaning.

#19
Gambro

Also, here's the latest HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 10:29:46 AM, on 18/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.cogeco.ca...ols21/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#20
Gambro

Middie
I tried running AVG again in safe mode and it seemed to clean everything this time with no errors; here is the log file. I am still getting messages from my ISP, however, indicating my computer is spamming.... I will also include the HJT file.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 6:45:32 AM 20/11/2006

+ Scan result:



C:\Documents and Settings\Kari\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\Wallpaper -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\eskin -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\HostOL\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kari\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kathryn\Cookies\kathryn@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][2].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\[email protected][1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Kathryn\Cookies\kathryn@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.


::Report end

Logfile of HijackThis v1.99.1
Scan saved at 7:06:24 AM, on 20/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\WINDOWS\system32\RioMSC.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\PROGRA~1\Dantz\RETROS~1\retrospect.exe
C:\HijackThis\HijackThis.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {94EB57FE-2720-496C-B33F-D9353C6E23F7} (F-Secure Online Scanner 2.1) - http://www.cogeco.ca...ols21/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

#21
Middie042

Gambro


Hi Gambro:

I am sorry for the delay. I was having connectivity problems with the internet service, and I hope to have that resolved. Thanks for your reply and the updated logs.


We must follow several steps to make progress here.

Do you recognize one of the programs in your uninstall list, named AV? The same question for SereneScreen Screensave. If you downloaded it for free it may also be a hole in security. If you purchased the programs it would be fine. If it was a free download, follow the instructions to uninstall it please.

If you do not recognize it and did not install it on purpose, I will recommend it be uninstalled and deleted. These instructions will be in green, so if you want to keep it disregard any instruction in this post in green. Tell me though if you decide to keep it because you installed it.

Concerning the program Limewire, P2P sharing programs are a notorious opportunity for malware and spyware to cause you problems. For dealing with this fix, I must highly recommend removing and deleting it.

Also, you have a program called XoftSpy installed. While not now considered a rogue program, I will need you to uninstall it during this fix. Here is a link for more information: SpywareWarrior Info.

While we are uninstalling a few, we will do a couple of housekeeping uninstalls of some older programs: older Java updates.
  • Boot into SAFE MODE
  • Go to Start > Control Panel > Add/Remove Programs and uninstall the following programs:
    • AV
    • Serenescreen Aquarium
    • Limewire
    • Limewire 4.12.3
    • J2SE Runtime Environment 5.0 Update 1
    • J2SE Runtime Environment 5.0 Update 4
    • J2SE Runtime Environment 5.0 Update 6
    • Java 2 Runtime Environment Standard Edition v1.3.1_04
    • XoftSpy
  • Using Windows Explorer while still in safe mode, navigate to the following folders and DELETE them:
    C:\Program Files\AV\
    C:\Program Files\Serenescreen Aquarium\
    C:\Program Files\Limewire and Limewire 4.12.3 if it appears
    C:\Program Files\Xoftspy\

Boot into Normal Mode.
  • Download ComboFix.exe using either of these links:

    COMBOFIX AT BLEEPINGCOMPUTER

    COMBOFIX AT TECHSUPPORTFORUM

  • Double click on combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log & a fresh HJT log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
And do this for me:

Please RIGHT-CLICK HERE and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
  • Save it to the desktop.
  • Run Silent Runners by double-clicking the "Silent Runners" icon on your desktop.
  • You will receive a prompt:
    • Do you want to skip supplementary searches?
      click NO
  • If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
  • You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
  • Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.

Please post back:

  • The combofix log
  • The silent runners log
  • A new HJT log
  • Any comments on difficulties or differences you experienced, if any, with these instructions.
Regards,

Middie042

Edited by Middie042, 21 November 2006 - 11:04 PM.


#22
Gambro

Middie, thanks for the responses. I will try these and report back. However, a few more things I have uncovered for your reference: my ISP suggested I run the Windows Live One-Care service... (http://safety.live.com)
It uncovered C2.lop, but could not remove it.


Will let you know how I make out with your suggestions.

#23
Gambro

Middie
Here are the log files you needed. Note that I could not find AV anywhere when I went to use the uninstall program (and I don't know what it is). Also, I could not remove the J2SE runtime files in SAFE MODE.

ComboFix Logfile
Kathryn - 06-11-22 18:12:47.56 Service Pack 2
ComboFix 06.11.22 - Running from: "C:\Documents and Settings\Kathryn\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\PPATCH~1
C:\QooBox\Purity\Program Files\SKS~1
C:\QooBox\Purity\Program Files\SMBOLS~1
C:\QooBox\Purity\Program Files\SSTEM~1
C:\QooBox\Purity\Program Files\STEM32~1
C:\QooBox\Purity\Program Files\STEM~1
C:\QooBox\Purity\Program Files\WNSXS~1
C:\QooBox\Purity\Program Files\Common Files\DOBE~1
C:\QooBox\Purity\Program Files\Common Files\ICROSO~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\RACLE~1
C:\QooBox\Purity\Program Files\Common Files\SSTEM~1
C:\QooBox\Purity\Program Files\Common Files\WNSXS~1
C:\QooBox\Purity\Program Files\STEM~1\STEM~1
C:\QooBox\Purity\WINDOWS\SMANTE~1
C:\QooBox\Purity\WINDOWS\SSTEM3~1
C:\QooBox\Purity\WINDOWS\YSTEM3~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\CROSOF~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\SSTEM3~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SSTEM~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\TSKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM~1\STEM~1


((((((((((((((((((((((((((((((( Files Created from 2006-10-22 to 2006-11-22 ))))))))))))))))))))))))))))))))))


2006-11-21 22:42 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2006-11-20 20:45 <DIR> d-------- C:\Documents and Settings\Kathryn\.housecall6.6
2006-11-20 18:42 <DIR> d-------- C:\Program Files\The Cleaner
2006-11-17 14:33 <DIR> d-------- C:\Documents and Settings\Kathryn\Application Data\AdobeUM
2006-11-17 14:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2006-11-17 07:39 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-12 14:32 <DIR> d-------- C:\WINDOWS\SYSTEM32\Kaspersky Lab
2006-11-12 07:03 <DIR> dr-h----- C:\Documents and Settings\Kathryn\Recent
2006-11-07 07:13 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2006-11-07 07:13 40,960 --a------ C:\WINDOWS\SYSTEM32\swsc.exe
2006-11-07 07:13 4,584 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2006-11-07 07:13 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2006-11-07 07:13 135,168 --a------ C:\WINDOWS\SYSTEM32\swreg.exe
2006-11-07 06:39 <DIR> d-------- C:\VundoFix Backups
2006-11-04 06:52 <DIR> d-------- C:\Program Files\Grisoft
2006-11-03 23:26 76,560 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\tmcomm.sys


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-22 18:15 -------- d-------- C:\Program Files\Common Files
2006-11-22 16:22 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-11-19 22:18 -------- d-------- C:\Program Files\Common Files\Skyscape
2006-11-18 15:24 724992 --a------ C:\WINDOWS\iun6002.exe
2006-11-17 14:24 877 --a------ C:\Documents and Settings\Kathryn\Application Data\AdobeDLM.log
2006-11-17 14:24 0 --a------ C:\Documents and Settings\Kathryn\Application Data\dm.ini
2006-11-17 14:24 -------- d-------- C:\Program Files\Adobe
2006-11-17 14:23 -------- d-------- C:\Documents and Settings\Kathryn\Application Data\Adobe
2006-11-17 00:02 -------- d-------- C:\Program Files\Documents To Go
2006-11-17 00:01 -------- d-------- C:\Program Files\Palm
2006-11-17 00:01 -------- d-------- C:\Program Files\Common Files\Mobipocket Shared
2006-11-16 03:01 -------- d-------- C:\Program Files\Internet Explorer
2006-11-03 22:01 -------- d-------- C:\Program Files\Google
2006-11-03 21:55 -------- d-------- C:\Program Files\Java
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-12 18:29 -------- d-------- C:\Program Files\Symantec
2006-10-12 15:08 -------- d-------- C:\Program Files\Norton Internet Security
2006-09-22 15:31 -------- d-------- C:\Program Files\iTunes
2006-09-22 15:30 -------- d-------- C:\Program Files\iPod
2006-09-22 15:24 -------- d-------- C:\Program Files\QuickTime
2006-09-22 15:14 -------- d-------- C:\Program Files\Apple Software Update
2006-09-21 19:55 21840 --a----t- C:\WINDOWS\SYSTEM32\SIntfNT.dll
2006-09-21 19:55 17212 --a----t- C:\WINDOWS\SYSTEM32\SIntf32.dll
2006-09-21 19:55 12067 --a----t- C:\WINDOWS\SYSTEM32\SIntf16.dll
2006-09-15 21:04 48816 --a------ C:\WINDOWS\SYSTEM32\S32EVNT1.DLL
2006-09-13 00:01 1084416 --a------ C:\WINDOWS\SYSTEM32\msxml3.dll
2006-09-02 14:35 613056 --a------ C:\WINDOWS\SYSTEM32\SymNeti.dll
2006-09-02 14:35 239808 --a------ C:\WINDOWS\SYSTEM32\SymRedir.dll
2006-08-25 10:45 617472 --a------ C:\WINDOWS\SYSTEM32\comctl32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Mobipocket Web Companion"="C:\\PROGRA~1\\COMMON~1\\MOBIPO~1\\webcomp.exe -m"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"BJPD HID Control"="C:\\Program Files\\Canon\\BJPV\\TVMon.exe"
"BJLaunchEXE"="C:\\Program Files\\Canon\\BJCard\\BJLaunch.exe"
"Creative WebCam Tray"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"AcctMgr"="C:\\Program Files\\Norton Password Manager\\AcctMgr.exe /startup"
"PDUiP6000DMon"="C:\\Program Files\\Canon\\Memory Card Utility\\PIXMA iP6000D\\PDUiP6000DMon.exe"
"PDUiP6000DTskbr"="C:\\Program Files\\Canon\\Memory Card Utility\\PIXMA iP6000D\\PDUiP6000DTskbr.exe"
"Easy-PrintToolBox"="C:\\Program Files\\Canon\\Easy-PrintToolBox\\BJPSMAIN.EXE /logon"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"MaxtorOneTouch"="C:\\Program Files\\Maxtor\\OneTouch\\utils\\Onetouch.exe"
"RetroExpress"="C:\\PROGRA~1\\Dantz\\RETROS~1\\RetroExpress.exe /h"
"MXOBG"="C:\\WINDOWS\\MXOALDR.EXE"
"QAGENT"="C:\\Program Files\\QUICKENW\\QAGENT.EXE"
"Windows Media Connect 2"="\"C:\\Program Files\\Windows Media Connect 2\\WMCCFG.exe\" /StartQuiet"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"tcactive"="C:\\Program Files\\The Cleaner\\tca.exe"
"tcmonitor"="C:\\Program Files\\The Cleaner\\tcm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,04,00,00,40
"RestoredStateInfo"=hex:18,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060611-092145-146
R3 - Default URLSearchHook is missing
backup-20060611-092145-312
O8 - Extra context menu item: &Search - http://bar.mywebsear...29YYCA_ZSzeb029
backup-20060607-073407-855
O2 - BHO: (no name) - {BD2C5B6D-B7D2-E604-A58E-E73BF40121C4} - C:\WINDOWS\system32\hvt.dll
backup-20060607-073407-410
O2 - BHO: (no name) - {18B01B12-F0AF-F877-842D-A87F601FD09E} - C:\WINDOWS\system32\nrabwptg.dll
backup-20051107-203338-139
O2 - BHO: (no name) - {8CE0C2AC-659B-8113-AD8C-EB6132CF5B80} - C:\DOCUME~1\Kari\APPLIC~1\METALI~1\mess htm.exe (file missing)
backup-20051030-203053-747
O2 - BHO: (no name) - {8CE0C2AC-659B-8113-AD8C-EB6132CF5B80} - C:\DOCUME~1\Kari\APPLIC~1\METALI~1\mess htm.exe (file missing)
backup-20051017-214520-448
O2 - BHO: (no name) - {8CE0C2AC-659B-8113-AD8C-EB6132CF5B80} - C:\DOCUME~1\Kari\APPLIC~1\METALI~1\mess htm.exe
backup-20051017-214520-717
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uwzicvsvlbwje...gXlwwnCQH9g.asp
backup-20051017-214051-459
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://searchmiracle.com/sp.php
backup-20051017-214051-249
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xgwskkhpy...XlwwnCQH9g.html
backup-20051017-213858-710
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
backup-20051017-213858-399
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.kxiiaylnj...My9Oq_Tlrao.htm
backup-20051017-213858-482
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.exutewbnp...AXlwwnCQH9g.htm
backup-20051002-163625-281
O4 - HKLM\..\Run: [ace title program start] C:\Documents and Settings\All Users\Application Data\Chic type ace title\Second Inter.exe
backup-20051002-163302-588
O2 - BHO: (no name) - {8CE0C2AC-659B-8113-AD8C-EB6132CF5B80} - C:\DOCUME~1\Kari\APPLIC~1\METALI~1\mess htm.exe (file missing)
backup-20050818-192443-426
O4 - HKLM\..\Run: [ace title program start] C:\Documents and Settings\All Users\Application Data\Chic type ace title\ForkSite.exe
backup-20050817-191116-861
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
backup-20050817-191116-695
O2 - BHO: (no name) - {8CE0C2AC-659B-8113-AD8C-EB6132CF5B80} - C:\DOCUME~1\Kari\APPLIC~1\METALI~1\mess htm.exe (file missing)
backup-20050809-073640-955
O8 - Extra context menu item: &Search - http://bar.mywebsear...29YYCA_ZSzeb029
backup-20050805-135548-235
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vzupcbeio...L723eg50Rg.html
backup-20050805-135548-840
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.vllpzwfqj...3RtMI_p_qvC.cgi
backup-20050805-121228-501
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
backup-20050805-121228-958
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
backup-20050805-121228-721
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.rvzsjyhyt...My9Oq_Tlrao.jsp
backup-20050805-121228-929
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.xskshgdqq...QXlwwnCQH9g.jpg
backup-20050805-110720-629
O4 - Startup: PowerReg Scheduler V3.exe
backup-20050805-110720-960
O4 - HKCU\..\Run: [CampFree] C:\DOCUME~1\Mike\APPLIC~1\DEBUGT~1\audiologoaxis.exe
backup-20050805-110720-734
O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe
backup-20050805-110720-761
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
backup-20050805-110720-494
O4 - HKLM\..\Run: [ace title program start] C:\Documents and Settings\All Users\Application Data\Chic type ace title\supportglue.exe
backup-20050805-110720-920
O4 - HKLM\..\Run: [safelicensejoyhelp] C:\Documents and Settings\All Users\Application Data\MathCloseSafeLicense\Audio mags.exe
backup-20050805-110720-525
R3 - Default URLSearchHook is missing
backup-20050805-110720-890
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.nrcbqjepv...dg1XPA5AgK.html
backup-20050805-110720-745
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tejgnwmkw...Wtyxg6tCeQ.html

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Norton Internet Security - Run Full System Scan - Kathryn.job
C:\WINDOWS\tasks\Symantec Drmc.job

Completion time: 06-11-22 18:17:42.75
C:\ComboFix.txt ... 06-11-22 18:17



HJT Logfile
Logfile of HijackThis v1.99.1
Scan saved at 7:05:30 PM, on 22/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe




SilentRunners Logfile
"Silent Runners.vbs", revision 49, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"


Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"Mobipocket Web Companion" = "C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m" ["Mobipocket.com"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"BCMSMMSG" = "BCMSMMSG.exe" ["Broadcom Corporation"]
"DVDSentry" = "C:\WINDOWS\System32\DSentry.exe" ["Dell - Advanced Desktop Engineering"]
"AdaptecDirectCD" = ""C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"" ["Roxio"]
"BJPD HID Control" = "C:\Program Files\Canon\BJPV\TVMon.exe" ["Canon Inc."]
"BJLaunchEXE" = "C:\Program Files\Canon\BJCard\BJLaunch.exe" ["CANON INC."]
"Creative WebCam Tray" = "C:\Program Files\Creative\Shared Files\CAMTRAY.EXE" ["Creative Technology Ltd"]
"AcctMgr" = "C:\Program Files\Norton Password Manager\AcctMgr.exe /startup" ["Symantec Corporation"]
"PDUiP6000DMon" = "C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe" ["CANON INC."]
"PDUiP6000DTskbr" = "C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe" ["CANON INC."]
"Easy-PrintToolBox" = "C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon" ["CANON INC."]
"SunJavaUpdateSched" = ""C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"" ["Sun Microsystems, Inc."]
"MaxtorOneTouch" = "C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe" ["Maxtor Corporation"]
"RetroExpress" = "C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h" [null data]
"MXOBG" = "C:\WINDOWS\MXOALDR.EXE" ["Cypress Semiconductor"]
"QAGENT" = "C:\Program Files\QUICKENW\QAGENT.EXE" [empty string]
"Windows Media Connect 2" = ""C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet" [MS]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"QuickTime Task" = ""C:\Program Files\QuickTime\qttask.exe" -atboottime" ["Apple Computer, Inc."]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"osCheck" = ""C:\Program Files\Norton Internet Security\osCheck.exe"" ["Symantec Corporation"]
"iTunesHelper" = ""C:\Program Files\iTunes\iTunesHelper.exe"" ["Apple Computer, Inc."]
"!AVG Anti-Spyware" = ""C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized" ["Anti-Malware Development a.s."]
"tcactive" = "C:\Program Files\The Cleaner\tca.exe" ["MooSoft Development"]
"tcmonitor" = "C:\Program Files\The Cleaner\tcm.exe" ["MooSoft Development"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader Link Helper"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1E8A6170-7264-4D0F-BEAE-D42A53123C75}\(Default) = (no title provided)
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll" ["Symantec Corporation"]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = "SSVHelper Class"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
{AA58ED58-01DD-4d91-8333-CF10577473F7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Helper"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{5E44E225-A408-11CF-B581-008029601108}" = "Adaptec DirectCD Shell Extension"
-> {HKLM...CLSID} = "Adaptec DirectCD Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\Roxio\EASYCD~1\DirectCD\Shellex.dll" ["Roxio"]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook File Icon Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL" [MS]
"{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF}" = "iTunes"
-> {HKLM...CLSID} = "iTunes"
\InProcServer32\(Default) = "C:\Program Files\iTunes\iTunesMiniPlayer.dll" ["Apple Computer, Inc."]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{1530F7EE-5128-43BD-9977-84A4B0FAD7DF}" = "PhotoToys"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\WINDOWS\system32\phototoys.dll" [MS]
"{CBCE08BC-8102-4B51-8FAB-622C7BE0A37B}" = "SwfFileUploaderMenu"
-> {HKLM...CLSID} = "SwfFileUploaderMenu"
\InProcServer32\(Default) = "C:\Program Files\NETGUI\Photobucket Uploader\UpWzMenu.dll" [null data]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> "{57B86673-276A-48B2-BAE7-C6DBB3020EB8}" = "AVG Anti-Spyware 7.5"
-> {HKLM...CLSID} = "CShellExecuteHookImpl Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" ["Anti-Malware Development a.s."]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows\
<<!>> "AppInit_DLLs" = "logonui.dll winword.dll" [file not found]

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
SwfFileUploaderMenu\(Default) = "{CBCE08BC-8102-4B51-8FAB-622C7BE0A37B}"
-> {HKLM...CLSID} = "SwfFileUploaderMenu"
\InProcServer32\(Default) = "C:\Program Files\NETGUI\Photobucket Uploader\UpWzMenu.dll" [null data]
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
TheCleaner\(Default) = "{2DE506B9-4320-11d3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
AVG Anti-Spyware\(Default) = "{8934FCEF-F5B8-468f-951F-78A921CD3920}"
-> {HKLM...CLSID} = "CContextScan Object"
\InProcServer32\(Default) = "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll" ["Anti-Malware Development a.s."]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}"
-> {HKLM...CLSID} = "IEContextMenu Class"
\InProcServer32\(Default) = "C:\PROGRA~1\NORTON~2\NORTON~1\NavShExt.dll" ["Symantec Corporation"]
TheCleaner\(Default) = "{2DE506B9-4320-11D3-8E42-002035221EDA}"
-> {HKLM...CLSID} = "The Cleaner"
\InProcServer32\(Default) = "C:\Program Files\The Cleaner\tcshellex.dll" ["MooSoft Development"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {HKLM...CLSID} = "TrojanHunter Menu Shell Extension"
\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.5\contmenu.dll" [null data]


Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) hex:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) hex:0x00000001
{Devices: Allow undock without having to log on}


Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Kathryn\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"


Startup items in "Kathryn" & "All Users" startup folders:
---------------------------------------------------------

C:\Documents and Settings\Kathryn\Start Menu\Programs\Startup
"Skyscape smARTupdate" -> shortcut to: "C:\Program Files\Common Files\Skyscape\smARTupdate.exe" ["Skyscape, Inc."]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"Adobe Reader Speed Launch" -> shortcut to: "C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe" ["Adobe Systems Incorporated"]
"DataViz Inc Messenger" -> shortcut to: "C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe" ["DataViz, Inc."]
"Digital Line Detect" -> shortcut to: "C:\Program Files\Digital Line Detect\DLG.exe" ["BVRP Software"]
"HotSync Manager" -> shortcut to: "C:\Program Files\Palm\Hotsync.exe -logon" ["PalmSource, Inc"]
"Microsoft Office" -> shortcut to: "C:\Program Files\Microsoft Office\Office\OSA9.EXE -b -l" [MS]


Enabled Scheduled Tasks:
------------------------

"AppleSoftwareUpdate" -> launches: "C:\Program Files\Apple Software Update\SoftwareUpdate.exe -Task" ["Apple Computer, Inc."]
"Norton Internet Security - Run Full System Scan - Kathryn" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec Drmc" -> launches: "C:\Program Files\Common Files\Symantec Shared\SymDrmc.exe /CUSTOM /SCHEDULE" [null data]


Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 15
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05


Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{90222687-F593-4738-B738-FBEE9C7B26DF}" = "NCO Toolbar"
-> {HKLM...CLSID} = "Show Norton Toolbar"
\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll" ["Symantec Corporation"]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\program files\google\googletoolbar3.dll" ["Google Inc."]

Explorer Bars

HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\

HKLM\Software\Classes\CLSID\{03C1C47F-0538-4645-8372-D3109B9FC636}\(Default) = "Easy-WebPrint"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Canon\Easy-WebPrint\Toolband.dll" [null data]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}"
-> {HKCU...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll" ["Sun Microsystems, Inc."]
-> {HKLM...CLSID} = "Java Plug-in 1.5.0_09"
\InProcServer32\(Default) = "C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll" ["Sun Microsystems, Inc."]

{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\PROGRA~1\AIM95\aim.exe" ["America Online, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"MenuText" = "@C:\Program Files\Messenger\Msgslang.dll,-61144"
"Exec" = "C:\Program Files\Messenger\msmsgs.exe" [MS]


Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

Automatic LiveUpdate Scheduler, Automatic LiveUpdate Scheduler, ""C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"" ["Symantec Corporation"]
Canon BJ Memory Card Manager, Bjmcmng, "C:\Program Files\Canon\BJCard\Bjmcmng.exe" ["CANON INC."]
Canon PIXMA iP6000D Memory Card Manager, PDUiP6000DMemCrdMgr, "C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe" ["CANON INC."]
HTTP SSL, HTTPFilter, "C:\WINDOWS\System32\svchost.exe -k HTTPFilter" {"C:\WINDOWS\System32\w3ssl.dll" [MS]}
iPod Service, iPod Service, ""C:\Program Files\iPod\bin\iPodService.exe"" ["Apple Computer, Inc."]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Retrospect Express HD Launcher, RetroExpLauncher, "C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe" ["Dantz Development Corporation"]
Rio MSC Manager, RioMSC, "C:\WINDOWS\system32\RioMSC.exe" ["Digital Networks North America, Inc."]
Symantec AppCore Service, SymAppCore, ""C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe"" ["Symantec Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Lic NetConnect service, CLTNetCnService, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon" ["Symantec Corporation"]
Windows Media Connect Service, WMConnectCDS, "C:\Program Files\Windows Media Connect 2\wmccds.exe" [MS]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]
WMI Performance Adapter, WmiApSrv, "C:\WINDOWS\System32\wbem\wmiapsrv.exe" [MS]


Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Canon BJ Language Monitor i470D\Driver = "CNMLM4y.DLL" ["CANON INC."]
Canon BJ Language Monitor PIXMA iP6000D\Driver = "CNMLM69.DLL" ["CANON INC."]
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]


----------
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 191 seconds.
---------- (total run time: 277 seconds)

Edited by Gambro, 22 November 2006 - 06:11 PM.

#24
Middie042

Hello and Welcome Back

Happy Turkey Day if you are from the states...............

Several clues have now popped out, including where LOP is hiding and the prior attempts to eradicate it, unsuccessfully. Print or save these instructions to your desktop for reference.

FIRST order of business is to download and install a firewall. This will be configured for all users, and will stop outgoing activity unless you permit it. The Windows firewall is not as effective, if you are using it. Here are two free, effective referrals for a firewall.

For a firewall Zone Alarm ZoneAlarm
or
Another firewall Kerio Kerio

Once installed it will alert you to activity and programs requesting access to the internet. You can use this to identify problems and block them. Please download and install one of these or one of your choice. These two have NO Cost options. I use one of them personally.


For this fix, please stop AVG AntiSpyware from running, as well as the Moosoft The Cleaner and Monitor. To stop AVG AntiSpyware, right click on the -AVG block and unselect "Resident Shield". Check the Moosoft documentation to pause or stop it also during this fix. They can be re-started after reboot. But I would be keeping an eye on all of the programs you have running, it AVG, Moosoft, Live One-Care along with your AntiVirus program.


Please Download NoLop to your desktop from one of the links below...
Link 1
Link 2
Link 3
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
Please Post the contents of C:\NoLop.log along with a fresh HijackThis log.
--If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to your system32 folder then rerun the program. --


Next Create a Startup List
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Check off the 2 boxes next to the Box that says "Generate StartupList log"
  • Click on the button "Generate StartupList log"
  • Copy and paste the StartupList from the notepad into your next post

Let's try to run another online scan to see what we have left to work on. This scan requires Internet Explorer and you need to allow the ActiveX Component.

Go here and do the BitDefender online virus scan.

* Click "I Agree" to agree to the EULA.
* Allow the ActiveX control to install when prompted.
* Click "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished.
* When the scan is finished, click on "Click here to export the scan results"
* Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log, the NoLop report and the HJT Startup List.

I will be checking in tomorrow.

Regards,

Middie042

#25
Gambro

Middie

I've installed the firewall (ZoneAlarm) as suggested. Should I continue to keep Windows Firewall active or disable it? My Norton program also indicates it has a firewall running...same question..should I disable it?

Also a question on virus software I have running...should I keep Norton, MooSoft and AVG all active as I have been? The reason I ask is that my computer seems to be running even slower since I have been installing all of these programs in the quest to clean it up. It takes almost 15 minutes just to log on as a user.

Here are the log files as requested....note that when I ran NoLop it came back saying it could not find LOP on my computer so no report was generated.

BitDefender Report (still have an active virus)
sorry I saved it as a txt file so it included all the HTML code...hope you can read or translate it!

<HTML>
<HEAD>
<TITLE>BitDefender Online Scanner -Scan Report</TITLE>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
<meta name="generator" content="Namo WebEditor v5.0(Trial)">
</HEAD>
<BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


<table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
<tr>
<td width="458">
<p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
Online Scanner</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>
<tr>
<td colspan="3" width="912">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
at: Thu, Nov 23, 2006 - 10:20:38</b></span></font></p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>Scan
path: </b></span><span style="font-size:10pt;">A:\;C:\;D:\;E:\;F:\;</span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Statistics</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Time</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">01:57:02</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">425555</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Folders</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">15291</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Boot Sectors</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">5</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">7554</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Packed Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">28641</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>



<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Results</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Identified Viruses </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">2</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Infected Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">3</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Suspect&nbsp;Files </font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Disinfected</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">0</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Deleted Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">4</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Engines Info</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Virus Definitions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">317747</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Engine build</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">13</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Archive plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">38</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Unpack plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">E-mail plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">6</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">System&nbsp;plugins</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">1</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="451" colspan="2" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">First Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Disinfect</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Second Action</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Delete</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Heuristics</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Enable Warnings</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scanned Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">*;</font></p>
</td>
</tr>

<tr>
<td width="57%">
<p><font face="Arial" size="2">Exclude Extensions</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">&nbsp;</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Emails</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Archives</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Packed</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Files</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">Scan Boot</font></p>
</td>
<td width="43%" align="right">
<p><font face="Arial" size="2">Yes</font></p>
</td>
</tr>
</table>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td colspan=2> &nbsp;
<table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
<tr>
<td width="252" bgcolor="#CCCCCC">
<p><font face="Arial" size="2"><B>Scanned File</b></font></p>
</td>
<td width="195" bgcolor="#CCCCCC" align="right">
<p align="left"><b><font size="2" face="Arial">&nbsp;Status</font></b></p>
</td>
</tr>
<tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx=>(message 203)=>[Subject: Fw: Use this patch immediately !][Date: Wed, 27 Aug 2003 06:51:06 -0400]=>(MIME part)=>patch.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Dumaru.A@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx=>(message 203)=>[Subject: Fw: Use this patch immediately !][Date: Wed, 27 Aug 2003 06:51:06 -0400]=>(MIME part)=>patch.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx=>(message 203)=>[Subject: Fw: Use this patch immediately !][Date: Wed, 27 Aug 2003 06:51:06 -0400]=>(MIME part)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx=>(message 203)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Identities\{8D32DF8B-D3B8-4783-A0C5-FE37E2FC8659}\Microsoft\Outlook Express\Sent Items.dbx</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Update failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Fw: Use this patch immediately !][From: Kathy Gambarotto]=>patch.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Infected with: Win32.Dumaru.A@mm</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: Fw: Use this patch immediately !][From: Kathy Gambarotto]=>patch.exe</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\Documents and Settings\Kathryn\Local Settings\Application Data\Microsoft\Outlook\archive.pst</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Updated</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1467\A0498068.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Detected with: Adware.Clearsearch.B</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1467\A0498068.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Disinfection failed</font></p>
</td>
</tr><tr>
<td width="57%">
<p><font face="Arial" size="2">C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1467\A0498068.exe=>(Quarantine-2)</font></p>
</td>
<td width="43%" align="left">
<p><font face="Arial" size="2">Deleted</font></p>
</td>
</tr>
</table>
</td>

<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

<tr>
<td width="458">
<p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
</td>
<td width="40%">
<p>&nbsp;</p>
</td>
<td width="10%">
<p>&nbsp;</p>
</td>
</tr>

</table>
<p>&nbsp;</p>

</body>
</html>


HJT Startup

StartupList report, 23/11/2006, 8:20:33 AM
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kathryn\Start Menu\Programs\Startup]
Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Digital Line Detect.lnk = ?
HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
BCMSMMSG = BCMSMMSG.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
BJPD HID Control = C:\Program Files\Canon\BJPV\TVMon.exe
BJLaunchEXE = C:\Program Files\Canon\BJCard\BJLaunch.exe
Creative WebCam Tray = C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
AcctMgr = C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
PDUiP6000DMon = C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
PDUiP6000DTskbr = C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
Easy-PrintToolBox = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MaxtorOneTouch = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
RetroExpress = C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
MXOBG = C:\WINDOWS\MXOALDR.EXE
QAGENT = C:\Program Files\QUICKENW\QAGENT.EXE
Windows Media Connect 2 = "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
tcactive = C:\Program Files\The Cleaner\tca.exe
tcmonitor = C:\Program Files\The Cleaner\tcm.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Mobipocket Web Companion = C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=logonui.dll winword.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton Internet Security - Run Full System Scan - Kathryn.job
Symantec Drmc.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}]
CODEBASE = http://housecall60.t...all/xscan60.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[{407F5185-3B2E-4196-982B-1E258C46F8FD}]
CODEBASE = ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://karbear444.sp...ad/MsnPUpld.cab

[OnagerCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\onager.dll
CODEBASE = https://bonfire.pure...m/en/onager.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.safe...lscbase8460.cab

[Symantec Download Manager]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
CODEBASE = https://webdl.symant...ex/symdlmgr.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[F-Secure Online Scanner 3.0]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll
CODEBASE = http://support.f-sec...m/ols/fscax.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://www.popcap.co...aploader_v6.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k net

#26
Gambro

    Member

  • Topic Starter
  • Member
  • 37 posts
Just noticed my last post was cut off. Here are the HJT files again:

HJT Startup

StartupList report, 23/11/2006, 8:20:33 AM
StartupList version: 1.52.2
Started from : C:\HijackThis\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Kathryn\Start Menu\Programs\Startup]
Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
Digital Line Detect.lnk = ?
HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

IgfxTray = C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds = C:\WINDOWS\system32\hkcmd.exe
BCMSMMSG = BCMSMMSG.exe
DVDSentry = C:\WINDOWS\System32\DSentry.exe
AdaptecDirectCD = "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
BJPD HID Control = C:\Program Files\Canon\BJPV\TVMon.exe
BJLaunchEXE = C:\Program Files\Canon\BJCard\BJLaunch.exe
Creative WebCam Tray = C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
AcctMgr = C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
PDUiP6000DMon = C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
PDUiP6000DTskbr = C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
Easy-PrintToolBox = C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
MaxtorOneTouch = C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
RetroExpress = C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
MXOBG = C:\WINDOWS\MXOALDR.EXE
QAGENT = C:\Program Files\QUICKENW\QAGENT.EXE
Windows Media Connect 2 = "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
TkBellExe = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
iTunesHelper = "C:\Program Files\iTunes\iTunesHelper.exe"
tcactive = C:\Program Files\The Cleaner\tca.exe
tcmonitor = C:\Program Files\The Cleaner\tcm.exe
SunJavaUpdateSched = C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
Zone Labs Client = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Mobipocket Web Companion = C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\System32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{4b218e3e-bc98-4770-93d3-2731b9329278}] *
StubPath = %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection MarketplaceLinkInstall 896 %systemroot%\inf\ie.inf

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=logonui.dll winword.dll

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
(no name) - c:\program files\google\googletoolbar3.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

AppleSoftwareUpdate.job
Norton Internet Security - Run Full System Scan - Kathryn.job
Symantec Drmc.job

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[{04E214E5-63AF-4236-83C6-A7ADCBF9BD02}]
CODEBASE = http://housecall60.t...all/xscan60.cab

[CKAVWebScan Object]
InProcServer32 = C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
CODEBASE = http://www.kaspersky...can_unicode.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....k/?linkid=39204

[Trend Micro ActiveX Scan Agent 6.6]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\Housecall_ActiveX.dll
CODEBASE = http://housecall65.t...ivex/hcImpl.cab

[{33564D57-0000-0010-8000-00AA00389B71}]
CODEBASE = http://download.micr...922/wmv9VCM.CAB

[{33564D57-9980-0010-8000-00AA00389B71}]
CODEBASE = http://codecs.micros...386/wmv9dmo.cab

[{407F5185-3B2E-4196-982B-1E258C46F8FD}]
CODEBASE = ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://karbear444.sp...ad/MsnPUpld.cab

[OnagerCtrl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\onager.dll
CODEBASE = https://bonfire.pure...m/en/onager.cab

[Windows Live Safety Center Base Module]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\wlscBase.dll
CODEBASE = http://cdn.scan.safe...lscbase8460.cab

[Symantec Download Manager]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
CODEBASE = https://webdl.symant...ex/symdlmgr.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[F-Secure Online Scanner 3.0]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\fscax.dll
CODEBASE = http://support.f-sec...m/ols/fscax.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_09]
InProcServer32 = C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[{DF780F87-FF2B-4DF8-92D0-73DB16A1543A}]
CODEBASE = http://www.popcap.co...aploader_v6.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\rsvpsp.dll
Protocol #5: C:\WINDOWS\system32\rsvpsp.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

abp480n5: \SystemRoot\System32\DRIVERS\ABP480N5.SYS (disabled)
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
adpu160m: \SystemRoot\System32\DRIVERS\adpu160m.sys (disabled)
aeaudio: system32\drivers\aeaudio.sys (manual start)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Intel AGP Bus Filter: \SystemRoot\System32\DRIVERS\agp440.sys (disabled)
Compaq AGP Bus Filter: \SystemRoot\System32\DRIVERS\agpCPQ.sys (disabled)
Aha154x: \SystemRoot\System32\DRIVERS\aha154x.sys (disabled)
aic78u2: \SystemRoot\System32\DRIVERS\aic78u2.sys (disabled)
aic78xx: \SystemRoot\System32\DRIVERS\aic78xx.sys (disabled)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
AliIde: \SystemRoot\System32\DRIVERS\aliide.sys (disabled)
ALI AGP Bus Filter: \SystemRoot\System32\DRIVERS\alim1541.sys (disabled)
AMD AGP Bus Filter Driver: \SystemRoot\System32\DRIVERS\amdagp.sys (disabled)
amsint: \SystemRoot\System32\DRIVERS\amsint.sys (disabled)
ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter: System32\DRIVERS\AN983.sys (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
asc: \SystemRoot\System32\DRIVERS\asc.sys (disabled)
asc3350p: \SystemRoot\System32\DRIVERS\asc3350p.sys (disabled)
asc3550: \SystemRoot\System32\DRIVERS\asc3550.sys (disabled)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
AVG Anti-Spyware Driver: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys (system)
AVG Anti-Spyware Guard: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe (autostart)
AVG Anti-Spyware Clean Driver: System32\DRIVERS\AvgAsCln.sys (system)
Broadcom 440x 10/100 Integrated Controller XP Driver: System32\DRIVERS\bcm4sbxp.sys (manual start)
BCM V.92 56K Modem: System32\DRIVERS\BCMSM.sys (manual start)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Canon BJ Memory Card Manager: C:\Program Files\Canon\BJCard\Bjmcmng.exe (autostart)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
cbidf: \SystemRoot\System32\DRIVERS\cbidf2k.sys (disabled)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
Symantec Event Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
Symantec Settings Manager: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
cd20xrnt: \SystemRoot\System32\DRIVERS\cd20xrnt.sys (disabled)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
CmdIde: \SystemRoot\System32\DRIVERS\cmdide.sys (disabled)
COM Host: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" (manual start)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cpqarray: \SystemRoot\System32\DRIVERS\cpqarray.sys (disabled)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
dac2w2k: \SystemRoot\System32\DRIVERS\dac2w2k.sys (disabled)
dac960nt: \SystemRoot\System32\DRIVERS\dac960nt.sys (disabled)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
dpti2o: \SystemRoot\System32\DRIVERS\dpti2o.sys (disabled)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
3Com EtherLink XL 90XB/C Adapter Driver: System32\DRIVERS\el90xbc5.sys (manual start)
EraserUtilRebootDrv: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (manual start)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
Canon BJ Hid Usb Filter Service: System32\DRIVERS\bjhid.sys (manual start)
Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
hpn: \SystemRoot\System32\DRIVERS\hpn.sys (disabled)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i2omp: \SystemRoot\System32\DRIVERS\i2omp.sys (disabled)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
i81x: System32\DRIVERS\i81xnt5.sys (manual start)
iAimFP0: System32\DRIVERS\wADV01nt.sys (manual start)
iAimFP1: System32\DRIVERS\wADV02NT.sys (manual start)
iAimFP2: System32\DRIVERS\wADV05NT.sys (manual start)
iAimFP3: System32\DRIVERS\wSiINTxx.sys (manual start)
iAimFP4: System32\DRIVERS\wVchNTxx.sys (manual start)
iAimTV0: System32\DRIVERS\wATV01nt.sys (manual start)
iAimTV1: System32\DRIVERS\wATV02NT.sys (manual start)
iAimTV2: System32\DRIVERS\wATV03nt.sys (manual start)
iAimTV3: System32\DRIVERS\wATV04nt.sys (manual start)
iAimTV4: System32\DRIVERS\wCh7xxNT.sys (manual start)
ialm: System32\DRIVERS\ialmnt5.sys (manual start)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
ini910u: \SystemRoot\System32\DRIVERS\ini910u.sys (disabled)
IntelIde: \SystemRoot\System32\DRIVERS\intelide.sys (disabled)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Symantec IS Password Validation: "C:\Program Files\Norton Internet Security\isPwdSvc.exe" (manual start)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LexBce Server: C:\WINDOWS\system32\LEXBCES.EXE (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Unimodem Streaming Filter Device: system32\drivers\MODEMCSA.sys (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Photo Viewer: system32\DRIVERS\mr7910.sys (manual start)
mraid35x: \SystemRoot\System32\DRIVERS\mraid35x.sys (disabled)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
USB Storage Adapter FX (MXO): system32\DRIVERS\MXOFX.SYS (manual start)
Maxtor OneTouch Security Driver: system32\DRIVERS\mxopswd.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
NAVENG: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVENG.SYS (manual start)
NAVEX15: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20061122.019\NAVEX15.SYS (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBT: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
nv: System32\DRIVERS\nv4_mini.sys (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OMCI WDM Device Driver: System32\DRIVERS\omci.sys (system)
Creative WebCam NX Pro: System32\DRIVERS\P1130Vid.sys (manual start)
Intel PentiumIII Processor Driver: System32\DRIVERS\p3.sys (system)
PalmUSBD: system32\drivers\PalmUSBD.sys (manual start)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Canon PIXMA iP6000D Memory Card Manager: C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe (autostart)
perc2: \SystemRoot\System32\DRIVERS\perc2.sys (disabled)
perc2hib: \SystemRoot\System32\DRIVERS\perc2hib.sys (disabled)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
QoS Packet Scheduler: System32\DRIVERS\psched.sys (manual start)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
ql1080: \SystemRoot\System32\DRIVERS\ql1080.sys (disabled)
Ql10wnt: \SystemRoot\System32\DRIVERS\ql10wnt.sys (disabled)
ql12160: \SystemRoot\System32\DRIVERS\ql12160.sys (disabled)
ql1240: \SystemRoot\System32\DRIVERS\ql1240.sys (disabled)
ql1280: \SystemRoot\System32\DRIVERS\ql1280.sys (disabled)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Terminal Server Device Redirector Driver: System32\DRIVERS\rdpdr.sys (manual start)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Retrospect Express HD Restore Helper: "C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe" (autostart)
Retrospect Express HD Launcher: C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe (autostart)
Rio MSC Manager: C:\WINDOWS\system32\RioMSC.exe (autostart)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SIS AGP Bus Filter: \SystemRoot\System32\DRIVERS\sisagp.sys (disabled)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
smwdm: system32\drivers\smwdm.sys (manual start)
Sparrow: \SystemRoot\System32\DRIVERS\sparrow.sys (disabled)
SPBBCDrv: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (system)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SRTSP: System32\Drivers\SRTSP.SYS (system)
SRTSPL: System32\Drivers\SRTSPL.SYS (manual start)
SRTSPX: System32\Drivers\SRTSPX.SYS (system)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{F79A1568-D6C5-4C69-A086-936CF52DBBE3} (manual start)
Symantec Core LC: C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (autostart)
Symantec AppCore Service: "C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" (autostart)
symc810: \SystemRoot\System32\DRIVERS\symc810.sys (disabled)
symc8xx: \SystemRoot\System32\DRIVERS\symc8xx.sys (disabled)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMIDSCO: \??\C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\idsdefs\20061113.031\SymIDSCo.sys (manual start)
symlcbrd: \??\C:\WINDOWS\system32\drivers\symlcbrd.sys (autostart)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
sym_hi: \SystemRoot\System32\DRIVERS\sym_hi.sys (disabled)
sym_u3: \SystemRoot\System32\DRIVERS\sym_u3.sys (disabled)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
tmcomm: \??\C:\WINDOWS\system32\drivers\tmcomm.sys (autostart)
TosIde: \SystemRoot\System32\DRIVERS\toside.sys (disabled)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
ultra: \SystemRoot\System32\DRIVERS\ultra.sys (disabled)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
USB Audio Driver (WDM): system32\drivers\usbaudio.sys (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
Microsoft USB Universal Host Controller Miniport Driver: System32\DRIVERS\usbuhci.sys (manual start)
USB Video Device (WDM): System32\Drivers\usbvideo.sys (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
VIA AGP Bus Filter: \SystemRoot\System32\DRIVERS\viaagp.sys (disabled)
ViaIde: \SystemRoot\System32\DRIVERS\viaide.sys (disabled)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Windows Media Connect Service: C:\Program Files\Windows Media Connect 2\wmccds.exe (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Intel® Graphics Platform (SoftBIOS) Driver: system32\drivers\ialmsbw.sys (system)
Intel® Graphics Chipset (KCH) Driver: system32\drivers\ialmkchw.sys (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*No values found*

--------------------------------------------------

End of report, 44,359 bytes
Report generated in 2.250 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by Gambro, 23 November 2006 - 10:18 AM.

#27
Gambro

HJT Log (for the third time!)

Logfile of HijackThis v1.99.1
Scan saved at 11:12:18 AM, on 23/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
C:\WINDOWS\system32\RioMSC.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Norton Password Manager\AcctMgr.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\QUICKENW\QAGENT.EXE
C:\Program Files\Windows Media Connect 2\WMCCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\mrtMngr.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Palm\Hotsync.exe
C:\Program Files\Common Files\Skyscape\smARTupdate.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.5008\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Program Files\Norton Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [PDUiP6000DMon] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMon.exe
O4 - HKLM\..\Run: [PDUiP6000DTskbr] C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DTskbr.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Program Files\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [RetroExpress] C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe /h
O4 - HKLM\..\Run: [MXOBG] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [QAGENT] C:\Program Files\QUICKENW\QAGENT.EXE
O4 - HKLM\..\Run: [Windows Media Connect 2] "C:\Program Files\Windows Media Connect 2\WMCCFG.exe" /StartQuiet
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Mobipocket Web Companion] C:\PROGRA~1\COMMON~1\MOBIPO~1\webcomp.exe -m
O4 - Startup: Skyscape smARTupdate.lnk = C:\Program Files\Common Files\Skyscape\smARTupdate.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM95\aim.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {407F5185-3B2E-4196-982B-1E258C46F8FD} - ftp://ftp.ea.com/pub/easports/patches/nhl2003/en-us/nhl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://karbear444.sp...ad/MsnPUpld.cab
O16 - DPF: {5CB1506E-1DEA-4E63-89A7-E40E52AEA1FD} (OnagerCtrl Class) - https://bonfire.pure...m/en/onager.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...lscbase8460.cab
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} (Symantec Download Manager) - https://webdl.symant...ex/symdlmgr.cab
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.co...aploader_v6.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: logonui.dll winword.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon BJ Memory Card Manager (Bjmcmng) - CANON INC. - C:\Program Files\Canon\BJCard\Bjmcmng.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Canon PIXMA iP6000D Memory Card Manager (PDUiP6000DMemCrdMgr) - CANON INC. - C:\Program Files\Canon\Memory Card Utility\PIXMA iP6000D\PDUiP6000DMemCrdMgr.exe
O23 - Service: Retrospect Express HD Restore Helper (RetroExp Helper) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\rthlpsvc.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Rio MSC Manager (RioMSC) - Digital Networks North America, Inc. - C:\WINDOWS\system32\RioMSC.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
  • 0

#28
Middie042

Gambro:


Due to the holiday, some of the senior experts are away. I am waiting for approval to post the next step. Sorry it is taking this long, but I was later yesterday in getting on line and that delayed the approval.

I am leaving for a long drive shortly, and will not be back online until Saturday evening. I will be back as quick as I am available.

Middie042
  • 0

#29
Gambro

Thanks for the note, Middie. I will look for your post tomorrow.
  • 0

#30
Middie042

Hi Gambro,

Thanks for the information. One of the last things we want is multiple AntiVirus, multiple FireWalls and AntiSpyware programs running at the same time. I am sorry I overlooked the Norton Internet Security. It's been a while since I got away from Norton, and while I noted many of the Norton programs running, I dropped the ball on that one. I would have to wonder what it is allowing, but we can save that for another discussion.

Please uninstall the ZoneAlarm firewall. 10 or 15 minutes to boot is 8 to 12 minutes wayyyyyy too long.

We will disable the AVG AntiSpyware from actively running, but not uninstall it for future use. You will be able to run it on demand, update the definitions when you do, and not have it running to conserve resources. Here's how:

Right click on the AVG icon in the task tray. Unselect both Resident Shield and Start with Windows. You can disregard the notes about leaving you unprotected from AVG at this point. Select EXIT and it will be out of the system tray. It will not load, but you can use it from the Programs feature when necessary. If it subsequently loads into the system tray, follow the steps to stop it as needed.

Definitely consider disabling the Moosoft The Cleaner at this time. Both the registry tracker and antispyware feature. If it will allow you to disable in much the same manner as AVG, that would be good.

Of course, keep your Norton AntiVirus running. While the entire suite is rather cumbersome and does tend to slow systems down a good bit, you have purchased it. You may want to consider good, free replacements when the subscription is due.


I was able to translate the Bitdefender HTML, and the virus deleted was the Dumaru mass mailing worm. We can only hope it was a major cause of your spamming problems, but we may have a bit more to work on to see if you are now clean.

Let's try another scan:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report
Regards,

Middie042
  • 0





