Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

unknown whats going on


  • Please log in to reply

#1
DebKruse

DebKruse

    New Member

  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:56:22 AM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
c:\program files\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Grisoft\AVG Free\avgw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\PROGRA~1\INTERN~1\iexplore.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166148989729
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator....ndle33v1d12.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • 0

Advertisements


#2
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
You have 2 firewalls - McAfee and ZoneAlarm AND 2 active Anti Virus - McAfee and AVG

remove one of each (I'd remove McAfee)
  • 0

#3
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I removed Mcafees and it wants to hang continously. It did before removale too.
Logfile of HijackThis v1.99.1
Scan saved at 2:46:03 PM, on 1/1/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zlclient.exe
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166148989729
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator....ndle33v1d12.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • 0

#4
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Please explain in detail what your problem is

do this first

Download Superantispyware

http://www.superanti...efreevspro.html

Install it and double-click the icon on your desktop to run it.
· It will ask if you want to update the program definitions, click Yes.
· Under Configuration and Preferences, click the Preferences button.
· Click the Scanning Control tab.
· Under Scanner Options make sure the following are checked:
o Close browsers before scanning
o Scan for tracking cookies
o Terminate memory threats before quarantining.
o Please leave the others unchecked.
o Click the Close button to leave the control center screen.
· On the main screen, under Scan for Harmful Software click Scan your computer.
· On the left check C:\Fixed Drive.
· On the right, under Complete Scan, choose Perform Complete Scan.
· Click Next to start the scan. Please be patient while it scans your computer.
· After the scan is complete a summary box will appear. Click OK.
· Make sure everything in the white box has a check next to it, then click Next.
· It will quarantine what it found and if it asks if you want to reboot, click Yes.
· To retrieve the removal information for me please do the following:
o After reboot, double-click the SUPERAntispyware icon on your desktop.
o Click Preferences. Click the Statistics/Logs tab.
o Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
o It will open in your default text editor (such as Notepad/Wordpad).
o Please highlight everything in the notepad, then right-click and choose copy.
· Click close and close again to exit the program.
· Please paste that information here for me with a new HijackThis log.
  • 0

#5
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
after 13 hours still scanning.
  • 0

#6
MFDnSC

MFDnSC

    Banned

  • Banned
  • PipPipPipPip
  • 1,137 posts
Stop it

Download AVG Anti-Spyware from http://www.ewido.net/en/download/ and save that file to your desktop. Note: This is NOT the Anti Virus from AVG.

When the trial period expires it becomes feature-limited freeware but is still worth keeping as a good on-demand scanner.
1. Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double click it to launch the set up program.
2. Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
o Next select the "Start Update" button. The update will start and a progress bar will show the updates being installed.
4. Once the update has completed, select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
o Select "Automatically generate report after every scan"
o Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do Not run a scan just yet, we will run it in safe mode.
1. Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning as it may interfere with the scanning process:
2. Launch AVG Anti-Spyware by double clicking the icon on your desktop.
3. Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
4. AVG will now begin the scanning process. Please be patient as this may take a little time.
Once the scan is complete, do the following:
5. If you have any infections you will be prompted. Then select "Apply all actions."
6. Next select the "Reports" icon at the top.
7. Select the "Save report as" button in the lower lef- hand of the screen and save it to a text file on your system (make sure to remember where you saved that file. This is important).
8. Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the log from AVG and a new HiJack log
  • 0

#7
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It still hangs alot. It says not responding a lot also. Found Trojan SSMALL everything quarantined except can't get BTIEIN to do anything. Heres scans ran another scan after quaRANTINE ALL RESULTS FOUND NOTHING. (SORRY)Heres scans;Logfile of HijackThis v1.99.1
Scan saved at 8:55:46 AM, on 1/6/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166148989729
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator....ndle33v1d12.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

AVG scanAVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:19:33 AM 1/6/2007

+ Scan result:



G:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Xcite.dll -> Adware.BrowsePal : Cleaned with backup (quarantined).
C:\RECYCLER\S-1-5-21-2000478354-1677128483-1202660629-1004\Dc21.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C10963F0-C232-48D7-B0F9-F3412404BCCE}\RP112\A0015720.dll -> Adware.EZula : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\Xcite.exe -> Adware.F1Organizer : Cleaned with backup (quarantined).
G:\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL -> Adware.FunWeb : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\IESkins -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOI\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOI\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOL\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\HostOL\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055531.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056813.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1065003.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1066422.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1067199.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1139319.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383602.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383623.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1384083.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1384157.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385364.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386045.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387587.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\146530.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\344723.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\499954.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\513144.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\617202.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\625696.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\669733.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\670828.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\698191.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\737654.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\784578.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\804459.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\819382.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\832459.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\834689.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\bstat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\dynamic\ustat\2fbd.dat -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles2.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles2_Bubbles2.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\bubbles_Bubbles.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\samplegroups2.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_premium.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_searchgo.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_weather.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_yellowpages.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\Top7_theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles2.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles2_Bubbles2.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\bubbles_Bubbles.bbl -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\business_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\buttondir.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\components.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_1000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_2000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_3000.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bar.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar1.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar10.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar11.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar12.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar13.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar14.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar3.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar4.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar5.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar6.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar7.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar8.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_bbar9.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_logos.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_other.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\d_icons_buttons_x.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\default.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\email-t1-bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbar_promo.htm -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\hotbarcom.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\icons2.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_idx.idx -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\keywords_sdf.sdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\layout.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\linkpathlegal.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\progress.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\s_icons_buttons.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\samplegroups2.txt -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\t2_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\theweb.mnu -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\top7.cdf -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\2\tsd_bg.res -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\bubbles.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\bubbles2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip -> Adware.HotBar : Cleaned with backup (quarantined).
C:\Documents and Settings\Kristen Baughman\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Common -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Common\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Common\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostIE -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostIE\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOE -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOE\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOI -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOI\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOL -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Time\HostOL\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hostol -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hostol\Mail -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hostol\Updates -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hostol\links -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\1800communications_pop1 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\1800communications_pop2 -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\4checks_fp_popsb -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\800flowers_targ -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_4dealsaddynewswe_a_weatfla_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_aharhhome_b_720x300_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_aharhprice_b_720x300_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_aharhreales_b_720x300_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_aharhretail_b_720x300_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_amermedsaddymen_a_250x250_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_amerretaddyre_a_flash_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_aucsrcxconnaucho_b_auction_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_automoticonnapril_a_auto_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_cheaptksbeytravel_a_5cre250_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_endwtest_a_bidz_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_etradeconnloans_a_finance_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_ezmedsaddyhealth_a_men_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_mcafeeaddysoft_a_420x420_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_memspeedconndslcom_a_cmptrs_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_nortonconnsoft_a_softwar_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_sharpnetaddyopen_b_classif_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_sharpnetaddyopen_b_entert2_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_sharpnetaddyopen_b_enterta_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_sharpnetaddyopen_b_weather_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_snapfishtarg_a_bdreg_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_snapfishtarg_a_reg_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_udatemwtarg_b_350_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_variousadv_a_topport_lbr -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ab_variousadv_b_topport_lbr -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\aclens -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\ameriquest_fp_pop -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\answerfin_auto -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_business_finance -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_media_casino -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_media_msn_canada -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_media_msn_us -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_news -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_shopping -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_tech -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bane_top_sites -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\banedownloads_canada -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\banedownloads_us -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\basicres_fp_zotril -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\bingodiner_fp_targ -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\compareinterest_fp_genfin -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\confidentialpharmacy -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\cs_1800comm0103_b_3creativ_put -> Adware.HotBar : Cleaned with backup (quarantined).
HKU\S-1-5-21-2000478354-1677128483-1202660629-500\Software\Hotbar\hotbar\BubbleMsg\Group\cs_800commmay_c_oal_put -> A
  • 0

#8
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply with a new Hijack log.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#9
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
HeDefault - 07-01-06 23:42:26.11 Service Pack 1
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Default\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-12-06 to 2007-01-06 ))))))))))))))))))))))))))))))))))


2007-01-05 19:32 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2007-01-04 22:46 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2007-01-04 22:44 51,072 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhlayer.sys
2007-01-04 22:44 30,592 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\ikhfile.sys
2007-01-04 22:41 <DIR> d-------- C:\Program Files\Spyware Doctor
2007-01-04 22:41 <DIR> d-------- C:\Documents and Settings\Default\Application Data\PC Tools
2007-01-02 20:38 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-01-02 20:38 <DIR> d-------- C:\Documents and Settings\Default\Application Data\SUPERAntiSpyware.com
2007-01-02 20:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-01-01 01:25 <DIR> d-------- C:\Documents and Settings\Default\Application Data\AVG7
2007-01-01 01:23 <DIR> d-------- C:\Program Files\Grisoft
2007-01-01 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
2006-12-30 22:52 <DIR> d-------- C:\Program Files\Common Files\Scanner
2006-12-30 22:52 <DIR> d-------- C:\Program Files\ComcastToolbar
2006-12-30 22:04 <DIR> d-------- C:\WINDOWS\SYSTEM32\ODCTOOLS
2006-12-29 18:39 <DIR> d-------- C:\$WIN_NT$.~BT
2006-12-29 18:36 <DIR> d-------- C:\WINDOWS\setupupd
2006-12-18 18:01 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2006-12-17 12:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2006-12-17 12:44 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
2006-12-17 12:42 <DIR> d-------- C:\Program Files\Common Files\AOL
2006-12-17 12:42 <DIR> d-------- C:\Program Files\AIM6
2006-12-17 12:41 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL Downloads
2006-12-15 00:57 127,208 --a------ C:\WINDOWS\SYSTEM32\mucltui.dll
2006-12-14 23:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2006-12-13 07:18 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
2006-12-12 20:55 <DIR> d-------- C:\Documents and Settings\Default\Application Data\Lavasoft
2006-12-12 08:24 <DIR> d-------- C:\WINDOWS\Minidump
2006-12-12 08:18 <DIR> d-------- C:\Documents and Settings\Default\Application Data\McAfee.com Personal Firewall
2006-12-12 08:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com Personal Firewall
2006-12-11 23:31 <DIR> d-------- C:\Program Files\McAfee.com
2006-12-11 23:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee.com


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-02 20:28 -------- d-a------ C:\Program Files\Common Files
2006-12-29 17:24 -------- d-------- C:\Program Files\Support.com
2006-12-29 10:02 -------- d-------- C:\Program Files\Picture Navigator
2006-12-27 22:03 -------- d-------- C:\Program Files\AIM95
2006-12-17 12:39 -------- d-------- C:\Documents and Settings\Default\Application Data\Aim
2006-12-15 00:57 -------- d--h----- C:\Program Files\WindowsUpdate
2006-12-14 23:11 -------- dr------- C:\Program Files\Windows Media Player
2006-12-14 23:11 -------- d-------- C:\Documents and Settings\Default\Application Data\Identities
2006-12-12 20:54 -------- d-------- C:\Program Files\Lavasoft
2006-12-10 13:53 -------- d-------- C:\Program Files\Viewpoint
2006-11-17 03:43 -------- dr------- C:\Program Files\Outlook Express
2006-11-17 03:43 -------- d-------- C:\Program Files\Common Files\SYSTEM
2006-11-17 03:30 -------- d-------- C:\Program Files\Messenger
2006-11-13 10:54 -------- d-------- C:\Program Files\MSN Toolbar
2006-11-13 10:54 -------- d-------- C:\Program Files\MSN Apps
2006-11-13 09:40 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-13 09:40 -------- d-------- C:\Program Files\ANI
2006-11-13 09:37 -------- d-------- C:\Program Files\D-Link
2006-11-09 00:16 -------- dr------- C:\Program Files\NetMeeting
2006-11-09 00:05 -------- d-------- C:\Program Files\Internet Explorer
2006-11-09 00:04 -------- dr------- C:\Program Files\Common Files\Microsoft Shared
2006-10-11 13:07 252752 --a------ C:\WINDOWS\SYSTEM32\odc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ComcastSUPPORT"="C:\\Program Files\\Support.com\\bin\\tgkill.exe /cleaneahtioga /start"
"D-Link AirPlus G"="C:\\Program Files\\D-Link\\AirPlus G\\AirGCFG.exe"
"ANIWZCS2Service"="C:\\Program Files\\ANI\\ANIWZCS2 Service\\WZCSLDR2.exe"
"msnappau"="\"C:\\Program Files\\MSN Apps\\Updater\\01.02.0002.1001\\en-us\\msnappau.exe\""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"NAV485A"="C:\\WINDOWS\\System32\\regsvr32.exe /s c:\\PROGRA~1\\NORTON~1\\NAVResc.dll"
"NAV428"="C:\\WINDOWS\\System32\\regsvr32.exe /s c:\\PROGRA~1\\NORTON~1\\NAVResc.dll"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"_NoDriveTypeAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"_NoDriveTypeAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"TaskMonitor"="c:\\windows\\taskmon.exe"
"Aureal A3D Interactive Audio Init"="A3dInit.exe"
"Service Connection"="c:\\cpqs\\bwtools\\sccenter.exe"
"AvconsoleEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\avconsol.exe /minimize"
"VsecomrEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSECOMR.EXE"
"Vshwin32EXE"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
"VsStatEXE"="C:\\Program Files\\Network Associates\\McAfee VirusScan\\VSSTAT.EXE /SHOWWARNING"
"McAfeeWebScanX"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\WebScanX.Exe"
"CPQEASYACC"="C:\\Program Files\\Compaq\\Easy Access Button Support\\cpqeadm.exe"
"EACLEAN"="C:\\Program Files\\Compaq\\Easy Access Button Support\\eaclean.exe"
"OEMCLEANUP"="C:\\windows\\OPTIONS\\oemreset.exe"
"MotiveMonitor"="C:\\Program Files\\Motive\\MotiveAssistant\\motmon.exe"
"CPQInet Runtime Service"="c:\\compaq\\CPQInet\\CpqInet.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"ccApp"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"ccRegVfy"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"HP Lamp"="\"C:\\Program Files\\Hewlett-Packard\\HP PrecisionScan\\PrecisionScan Pro\\hplamp.exe\""
"HPSCANMonitor"="c:\\windows\\SYSTEM\\hpsjvxd.exe"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM32\\STIMON.EXE"
"AVG_CC"="C:\\PROGRA~1\\GRISOFT\\AVG6\\avgcc32.exe /STARTUP"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"CMESys"="\"C:\\PROGRAM FILES\\COMMON FILES\\CMEII\\CMESYS.EXE\""
"NAV CfgWiz"="c:\\PROGRA~1\\NORTON~1\\CFGWIZ.EXE /R"
"ComcastSUPPORT"="C:\\Program Files\\Support.com\\bin\\tgkill.exe /cleaneahtioga /start"
"LoadQM"="loadqm.exe"
"LWBMOUSE"="C:\\Program Files\\Browser Mouse\\Browser Mouse\\1.1\\MOUSE32A.EXE"
"Hot Key Kbd Daemon"="SKDAEMON.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"StillImageMonitor"="C:\\WINDOWS\\SYSTEM32\\STIMON.EXE"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"SchedulingAgent"="mstask.exe"
"Aureal A3D Interactive Audio"="sa3dsrv.exe"
"CPQDFWAG"="C:\\WINDOWS\\cpqdiag\\CpqDfwAg.exe"
"Vshwin32EXE"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\VSHWIN32.EXE"
"McAfeeWebScanX"="C:\\PROGRAM FILES\\NETWORK ASSOCIATES\\MCAFEE VIRUSSCAN\\WebScanX.Exe /RUNSERVICES"
"isdbdc"="c:\\compaq\\internet\\isdbdc.exe"
"HC Reminder"="hc.exe"
"Hidserv"="Hidserv.exe run"
"ccEvtMgr"="\"c:\\Program Files\\Common Files\\Symantec Shared\\ccEvtMgr.exe\""
"ScriptBlocking"="\"C:\\Program Files\\Common Files\\Symantec Shared\\Script Blocking\\SBServ.exe\" -reg"
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Date Manager.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Date Manager.lnk"
"backup"="C:\\WINDOWS\\pss\\Date Manager.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Date Manager\\DateManager.exe "
"item"="Date Manager"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eBay Toolbar.LNK]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\eBay Toolbar.LNK"
"backup"="C:\\WINDOWS\\pss\\eBay Toolbar.LNKCommon Startup"
"location"="Common Startup"
"command"="C:\\WINDOWS\\DOWNLO~1\\CONFLICT.1\\eBayTBar.exe "
"item"="eBay Toolbar"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\GStartup.lnk"
"backup"="C:\\WINDOWS\\pss\\GStartup.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Common Files\\GMT\\GMT.exe /startup"
"item"="GStartup"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KeenValue.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\KeenValue.lnk"
"backup"="C:\\WINDOWS\\pss\\KeenValue.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\Program Files\\Common Files\\KeenValue\\keenvalue.exe "
"item"="KeenValue"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Amy Niezer^Start Menu^Programs^Startup^Forget Me Not Reminders.lnk]
"path"="C:\\Documents and Settings\\Amy Niezer\\Start Menu\\Programs\\Startup\\Forget Me Not Reminders.lnk"
"backup"="C:\\WINDOWS\\pss\\Forget Me Not Reminders.lnkStartup"
"location"="Startup"
"command"="C:\\CACARD\\FMREMIND.EXE -s"
"item"="Forget Me Not Reminders"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="InCD"
"hkey"="HKLM"
"command"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msnmsgr"
"hkey"="HKCU"
"command"="\"c:\\Program Files\\MSN Messenger\\msnmsgr.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\System32\\\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PopUpStopperFreeEdition]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSFree"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Panicware\\Pop-Up Stopper Free Edition\\PSFree.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyHunter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpyHunter"
"hkey"="HKLM"
"command"="C:\\Program Files\\SpyHunter\\SpyHunter.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpyKiller]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="spykiller"
"hkey"="HKCU"
"command"="C:\\Program Files\\SpyKiller\\spykiller.exe /startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="WEATHER"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\AWS\\WEATHE~1\\WEATHER.EXE 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\websearch]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="websearch\""
"hkey"="HKLM"
"command"="wjview /cp:p \"C:\\Program Files\\websearch\\System\\Code\" Main lp: \"C:\\Program Files\\websearch\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ERSvc"=dword:00000002
"Alerter"=dword:00000003

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Maintenance-Disk cleanup.job
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job
C:\WINDOWS\tasks\Tune-up Application Start.job
C:\WINDOWS\tasks\Uninstall Expiration Reminder.job

Completion time: 07-01-06 23:56:43.59
C:\ComboFix.txt ... 07-01-06 23:56
C:\ComboFix2.txt ... 07-01-06 23:25
Here is COMBOFIX report
Logfile of HijackThis v1.99.1
Scan saved at 07:42, on 07-01-07
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166148989729
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator....ndle33v1d12.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
  • 0

#10
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

I dont see much many signs of malwar. do you have this program Creative Labs Ensoniq Mixer ?

What are the main problems with the machine right now?
  • 0

#11
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
If I have that program I cant find where it is at. One of our computers has it. But, it has been on it since we got computer. The problem-- when I click to do anything, 9 out of 10 times it hangs and says NOT RESPONDING. Most times you go to next thing to click then the last on reacts. So you have to be one step ahead to do the step you want now. It just hangs alot. Which spyware should I remove. Now there are several on there cause every time I reply, I was asked to load a different one. I don't think I need all of them at once. Yoour help greatly appreciated. Deb
  • 0

#12
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Lets get rid of a few things. Let me know how the computer runs in safe mode too.


Print these directions out or save them to notepad for us while in safe mode.

click >>start>>control panel >>add/remove programs and uninstall the following if present:
Viewpoint
KeenValue
GMT or Claria
SpyHunter
SpyKiller

Spyware doctor If you paid for it then dont uninstall it

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

Browse for and delete any of these folders
C:\Program files\Viewpoint
C:\Program files\KeenValue
C:\Program files\GMT or Claria
C:\Program files\SpyHunter
C:\Program files\SpyKiller
C:\Program files\Spyware doctor If you didnt uninstall then dont delete


Go to start >>> run then type in msconfig

Click the startup tab...then make sure every entry is checked.

Reboot and post a new Hijack log
  • 0

#13
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Looked for all these files. Found none of them in Add/remove programs. Looked in program files and only Spy Doctor. Did see them in the HIJACK This. Also saw some of them in the startup files. Several are there. Ready for next moove. Thank you for your time. Deb
  • 0

#14
DebKruse

DebKruse

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Logfile of HijackThis v1.99.1
Scan saved at 22:54, on 07-01-09
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\AIM6\aim6.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe
C:\Documents and Settings\Default\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.comcast.n...lbar2.0/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.presar...c...bar&LC=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.n...lbar2.0/search/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.comcast.net/
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll (file missing)
O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~1\COMCAS~1.DLL
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ComcastSUPPORT] C:\Program Files\Support.com\bin\tgkill.exe /cleaneahtioga /start
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0002.1001\en-us\msnappau.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [websearch] wjview /cp:p "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O4 - Global Startup: Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe
O4 - Global Startup: eBay Toolbar.LNK = ?
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~5\OFFICE11\REFIEBAR.DLL (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.micr...ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166148989729
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse....eX/FileXfer.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai...5/Installer.exe
O16 - DPF: {DBAE7000-01EC-4162-8FEB-8A27AC937CA0} - http://webpdp.gator....ndle33v1d12.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...350/mcfscan.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

I' m sorry--forgot to post hijack this files.
  • 0

#15
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hi :whistling:

Please run a scan with HijackThis and check the following lines for removal:


O2 - BHO: IEWatchObj Class - {9527D42F-D666-11D3-B8DD-00600838CD5F} - C:\WINDOWS\SYSTEM32\IETie.dll (disabled by BHODemon)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\SpyHunter\SpyHunter.exe
O4 - Startup: Starter.lnk = C:\WINDOWS\SYSTEM32\starter.exe
O4 - Global Startup: KeenValue.lnk = C:\Program Files\Common Files\KeenValue\keenvalue.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Exit HijackThis.

Reboot

Let me know if you still have the constant hanging problems

:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP