Here are the results of the HijackThis logs in the same order as my previous post, plus the AVG Anti-Spyware - Scan Report and the KASPERSKY ONLINE SCANNER REPORT.
Many Thanks
birani
USER 1
Logfile of HijackThis v1.99.1
Scan saved at 23:18:05, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\system32\NeroCheck.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
c:\program files\internet explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Documents and Settings\Mum\Desktop\Junk Desktop\Mum N Brian\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
USER 2
Logfile of HijackThis v1.99.1
Scan saved at 23:16:35, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\x!..Charlotte..!x\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
USER 3
Logfile of HijackThis v1.99.1
Scan saved at 23:15:16, on 12/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ntl\ntl Netguard\fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\KService\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\internet explorer\iexplore.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Documents and Settings\x..Kerri..x\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://piczo.com/?cr=5&rfm=y
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://login.live.c...uth.srf?lc=1033
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\ntl\ntl Netguard\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\ntl\ntl Netguard\FBHR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [FastUser] C:\WINDOWS\system32\fast.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [pdfw] C:\Program Files\Amic Utilities\PDF Writer Pro\pdfwload.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.720.3640\GoogleToolbarNotifier.exe
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.h...edsolutions.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab47946.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab31267.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://213.129.66.245/activex/AMC.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Radialpoint Service (FWS) - Radialpoint Inc. - C:\Program Files\ntl\ntl Netguard\fws.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InteractiveLogon - Unknown owner - C:\WINDOWS\system32\Fast.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\KService\KService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 20:59:03 12/12/2006
+ Scan result:
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU\Uninstall.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU\WhenU Help Desk.lnk -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\Documents and Settings\x..Kerri..x\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP233\A0163041.dll -> Adware.SearchTool : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP233\A0163031.dll -> Adware.SmartShoppe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0176959.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP261\A0179957.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0180956.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181968.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP255\A0172755.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184031.dll -> Downloader.Small.ece : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP262\A0181956.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184035.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP268\A0185172.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186563.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186564.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0188093.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191188.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP273\A0191235.exe -> Downloader.Tiny.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184028.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP266\A0184029.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185052.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185053.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185054.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185055.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185056.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185057.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185058.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185059.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185060.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185061.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185062.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185063.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185064.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185065.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185066.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185067.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185068.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185069.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185070.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185071.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185072.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185073.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185074.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185075.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185076.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185077.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185078.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185079.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185080.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185081.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185082.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185083.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185084.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185085.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185086.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185087.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185088.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185091.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185092.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185117.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185119.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185120.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185121.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185122.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185123.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185124.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185125.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185126.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185127.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185128.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185130.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185131.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185132.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185133.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185134.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185135.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185136.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185137.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185138.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185139.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185140.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP267\A0185141.dll -> Logger.Delf.mk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP269\A0186562.exe -> Worm.Glowa.n : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP271\A0191190.exe -> Worm.Glowa.n : Cleaned with backup (quarantined).
::Report end
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, December 12, 2006 11:14:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/12/2006
Kaspersky Anti-Virus database records: 250342
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
M:\
Scan Statistics:
Total number of scanned objects: 123067
Number of viruses found: 24
Number of infected objects: 160 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:57:12
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\72a8eeb6d374854423a53c55fe19b374_3ade599e-3bad-4cc4-9926-48f547e8ae34 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\ntl\ntl Netguard\logs\Fws.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\MSHist012006121220061213\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Mum\Desktop\Junk Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Mum\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Mum\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Mum\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Local Settings\History\History.IE5\MSHist012006121220061213\index.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\ntuser.dat Object is locked skipped
C:\Documents and Settings\x..Kerri..x\NtUser.dat.LOG Object is locked skipped
C:\Documents and Settings\x..Kerri..x\UserData\index.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\KService\data\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130645.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130647.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130648.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.at skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130651.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130652.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130655.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.an skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130656.SCR Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A0130657.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.v skipped
C:\System Volume Information\_restore{96BB0DB1-18EF-4B16-ACDF-4C4A97BF8DE0}\RP192\A013065