
HELP HELP Error message: C:\WINNT\system32\wwsqyadp.dll


  • This topic is locked This topic is locked

#1
newcomer21

newcomer21

    Member

  • Member
  • PipPipPip
  • 121 posts
Have most of the items cleared, still need help.

:) :)

Here are my logs.

1st SUPERAntiSpyware log:
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/06/2008 at 10:28 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 02:48:05

Memory items scanned : 437
Memory threats detected : 0
Registry items scanned : 5848
Registry threats detected : 881
File items scanned : 88387
File threats detected : 317

Adware.MyWay

Adware.Vundo Variant
HKLM\Software\Classes\CLSID\{3A5E2257-714A-4DF6-9E94-F9F7F7215D32}
HKCR\CLSID\{3A5E2257-714A-4DF6-9E94-F9F7F7215D32}
HKCR\CLSID\{3A5E2257-714A-4DF6-9E94-F9F7F7215D32}\InprocServer32
HKCR\CLSID\{3A5E2257-714A-4DF6-9E94-F9F7F7215D32}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\MLLJI.DLL
HKLM\Software\Classes\CLSID\{86B7261F-0820-4523-9E2D-5626CDA42158}
HKCR\CLSID\{86B7261F-0820-4523-9E2D-5626CDA42158}
HKCR\CLSID\{86B7261F-0820-4523-9E2D-5626CDA42158}\InprocServer32
HKCR\CLSID\{86B7261F-0820-4523-9E2D-5626CDA42158}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\MLLJH.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{86B7261F-0820-4523-9E2D-5626CDA42158}

Trojan.NewDotNet

Adware.SearchTool
HKLM\Software\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\Implemented Categories
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\InprocServer32
HKCR\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D7}\InprocServer32#ThreadingModel
C:\WINNT\SYSTEM32\SEARCHTOOL\SEARCHTOOL.DLL

Browser Hijacker.Internet Explorer Zone Hijack
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmirar.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\click#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mirarsearch.com\redirect#https
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#http
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\net-nucleus.com\awbeta#https

Adware.Tracking Cookie

Adware.Starware
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\Implemented Categories
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\Implemented Categories\{00021494-0000-0000-C000-000000000046}
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\InprocServer32
HKCR\CLSID\{2D51D869-C36B-42BD-AE68-0A81BC771FA5}\InprocServer32#ThreadingModel
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\Implemented Categories
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\Implemented Categories\{00021493-0000-0000-C000-000000000046}
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\InprocServer32
HKCR\CLSID\{7BED0340-176B-44BC-915E-C21C1DD6F617}\InprocServer32#ThreadingModel

Adware.WhenU
C:\Documents and Settings\Band\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url
C:\Documents and Settings\Band\Start Menu\Programs\WhenU\WhenU.com Website.url
C:\Documents and Settings\Band\Start Menu\Programs\WhenU
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\SAVEINSTWM.EXE

Adware.SurfSideKick
HKLM\Software\SurfSideKick3
HKLM\Software\SurfSideKick3\Internet Explorer
HKLM\Software\SurfSideKick3\Internet Explorer#PInfo
C:\Documents and Settings\Band\Application Data\Sskknwrd.dll
C:\DOCUMENTS AND SETTINGS\BAND\LOCAL SETTINGS\TEMP\I41.TMP

Adware.IST/ISTBar (Slotch Bar)
HKLM\Software\ISTsvc
HKLM\Software\ISTsvc#version
HKLM\Software\ISTsvc#app_name
HKLM\Software\ISTsvc#popup_url
HKLM\Software\ISTsvc#update_url
HKLM\Software\ISTsvc#config_url
HKLM\Software\ISTsvc#ui
HKLM\Software\ISTsvc#popup_initial_delay
HKLM\Software\ISTsvc#popup_count
HKLM\Software\ISTsvc#popup_day_count
HKLM\Software\ISTsvc#popup_day_limit
HKLM\Software\ISTsvc#update_count
HKLM\Software\ISTsvc#update_version
HKLM\Software\ISTsvc#config_count
HKLM\Software\ISTsvc#account_id
HKLM\Software\ISTsvc#app_date
HKLM\Software\ISTsvc#popup_interval
HKLM\Software\ISTsvc#popup_last
HKLM\Software\ISTsvc#update_interval
HKLM\Software\ISTsvc#update_last
HKLM\Software\ISTsvc#config_interval
HKLM\Software\ISTsvc#config_last
HKLM\Software\ISTsvc\history
C:\Program Files\ISTsvc
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main#BandRest [ Never ]

Adware.180solutions/Search Assistant
HKCR\MediaGateway.Installer
HKCR\MediaGateway.Installer\CLSID
HKCR\MediaGateway.Installer\CurVer
HKCR\MediaGatewayX.Installer
HKCR\MediaGatewayX.Installer\CLSID
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\ProxyStubClsid32
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib
HKCR\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9}\TypeLib#Version
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\ProxyStubClsid32
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib
HKCR\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD}\TypeLib#Version
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\ProxyStubClsid32
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib
HKCR\Interface\{F1F1E775-1B21-454D-8D38-7C16519969E5}\TypeLib#Version
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}#AppID
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\LocalServer32
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\ProgID
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\TypeLib
HKCR\CLSID\{1E5F0D38-214B-4085-AD2A-D2290E6A2D2C}\VersionIndependentProgID
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\DEL26.TMP
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RES27.TMP
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\RES32.TMP

Adware.Surf Accuracy
HKLM\Software\SAcc
HKLM\Software\SAcc#accid
HKLM\Software\SAcc#subaccid
HKLM\Software\SAcc#Version
HKLM\Software\SAcc#DbgInfo
HKLM\Software\SAcc#CfgReload
HKLM\Software\SAcc#SAData
HKLM\Software\SAcc#Counter
HKLM\Software\SAcc#NextInvoke

Adware.180solutions/ZangoSearch
HKCR\ClientAX.ClientInstaller
HKCR\ClientAX.ClientInstaller\CLSID
HKCR\ClientAX.ClientInstaller\CurVer
HKCR\ClientAX.ClientInstaller.1
HKCR\ClientAX.ClientInstaller.1\CLSID
HKCR\ClientAX.RequiredComponent
HKCR\ClientAX.RequiredComponent\CLSID
HKCR\ClientAX.RequiredComponent\CurVer
HKCR\ClientAX.RequiredComponent.1
HKCR\ClientAX.RequiredComponent.1\CLSID
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\InprocServer32#ThreadingModel
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\MiscStatus\1
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ProgID
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\ToolboxBitmap32
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\TypeLib
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\Version
HKCR\CLSID\{0AC49246-419B-4EE0-8917-8818DAAD6A4E}\VersionIndependentProgID
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\0\win32
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\FLAGS
HKCR\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA}\1.0\HELPDIR
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\180SAINSTALLERSILSAIS1.EXE
C:\TEMP\180SAINSTALLER.EXE

Spyware.WebSearch (WinTools/Huntbar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL#DisplayName
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL#UninstallString
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TTOOL_UNINSTALL#DisplayIcon

Adware.Avenue Media/Internet Optimizer
HKCR\DyFuCA_BH.BHObj
HKCR\DyFuCA_BH.BHObj\CLSID
HKCR\DyFuCA_BH.BHObj\CurVer
HKCR\DyFuCA_BH.BHObj.1
HKCR\DyFuCA_BH.BHObj.1\CLSID
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#Comment
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout#DComment
HKLM\Software\Avenue Media
HKLM\Software\Avenue Media\Internet Optimizer
HKLM\Software\Avenue Media\Internet Optimizer#TargetDir
HKLM\Software\Avenue Media\Internet Optimizer#TAC
HKLM\Software\Avenue Media\Internet Optimizer#CLS
HKLM\Software\Avenue Media\Internet Optimizer#RID
HKLM\Software\Avenue Media\Internet Optimizer#Version
HKLM\Software\Avenue Media\Internet Optimizer#ServerVisited
HKLM\Software\Avenue Media\Internet Optimizer#UpdateInterval
HKLM\Software\Avenue Media\Internet Optimizer#ID
HKLM\Software\Avenue Media\Internet Optimizer#InstallT
HKLM\Software\Avenue Media\Internet Optimizer#remember[LLT]
HKLM\Software\Avenue Media\Internet Optimizer#PendingRemoval
HKLM\Software\Avenue Media\Internet Optimizer#Conn
HKLM\Software\Avenue Media\Internet Optimizer#403
HKLM\Software\Avenue Media\Internet Optimizer#404
HKLM\Software\Avenue Media\Internet Optimizer#410
HKLM\Software\Avenue Media\Internet Optimizer#500
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Version
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert#Target
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\Active Alert\cf1#Version
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#Version
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#ModuleFileName
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper#Options
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#RawData
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Data
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\Browser Helper\cf1#Version
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer#Version
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer#Target
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1#RawData
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1#Data
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1#DiffAll
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1#TimeStamp
HKLM\Software\Avenue Media\Internet Optimizer\Software Installer\cf1#Version
HKLM\Software\Avenue Media\Internet Optimizer\WSE
HKLM\Software\Avenue Media\Internet Optimizer\WSE#Version
HKLM\Software\Avenue Media\Internet Optimizer\WSE#Options
HKLM\Software\Avenue Media\Internet Optimizer\WSE#ModuleFileName
HKLM&

Edited by newcomer21, 09 March 2008 - 07:56 PM.



#2
harrythook (Trusted Helper, Retired Staff, 2,618 posts)
You are missing quite a bit of that log.

Do this:
    • NOTE: You will need to temporarily disable any programs you have running that will block attempts to edit the registry, as FixIEDef calls REGEDIT to delete registry keys added by Zlob, Trojan.Downloader.Delf, AntiSpyPro, and IE Defender.
  • Download FixIEDef.exe by ShadowPuterDude to the Desktop.
    Note: FixIEDef now supports Non-English Language Systems.

  • Double-click FixIEDef.exe.

  • That will open the About FixIEDef screen. Click OK to continue.

  • Next, press the Scan! button.

  • FixIEDef needs to run as Administrator to perform correctly. This message simply confirms it was able to run with admin privileges. Click OK to continue.

  • Wait for the scan to finish. It shouldn't take very long.

    • WARNING: FixIEDef will kill all copies of Internet Explorer and Explorer that are running during removal of malicious files. The icons and Start Menu on your Desktop will not be visible while FixIEDef is removing malicious files. This is necessary to remove parts of the infection that would otherwise not be removed.
  • After the !!! All Finished !!! message is displayed, click Exit.

  • Post the FixIEDef log file, located on the Desktop.

    Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool". It is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

    See: http://www.beyondlog...processutil.htm


    Mirrors: Alternate official download locations for FixIEDef.exe

    http://it-mate.co.uk...ef/fixiedef.exe
    http://hosts-file.ne...ef/fixiedef.exe
    http://avant.it-mate...=Tools/FixIEDef
    http://archives.myst...pyware/FixIEDef

Download ComboFix from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.
When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply.
Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Post up all the results :)

Harry

#3
newcomer21 (Topic Starter, Member, 121 posts)
For some reason all of my logs are not showing up, so I am going to try and upload each one.

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:01 PM, on 3/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\explorer.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wbsd.k12.ms.us/default.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L7WFK1BB\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [NJv7jy] "C:\WINNT\system32\dgfgql.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [{E3-3C-C8-8E-ZN}] C:\winnt\system32\qjdsrngs.exe CORN001
O4 - HKLM\..\Run: [vptlgrlA] C:\WINNT\vptlgrlA.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Service Pack 1] C:\WINNT\system32\vedxg6ame4.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Service Pack 1] C:\WINNT\system32\vedxg6ame4.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205015352312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: mljihhf - mljihhf.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINNT\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINNT\system32\mllji.dll (file missing)
O20 - Winlogon Notify: winydp32 - winydp32.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O24 - Desktop Component 0: (no name) - http://file016.bebo....b395413599s.jpg

--
End of file - 9158 bytes



ComboFix Log


ComboFix 08-03-14.4 - Band 2008-03-16 21:23:10.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.250 [GMT -5:00]
Running from: C:\Documents and Settings\Band\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\Hotbar
C:\Documents and Settings\Administrator\Application Data\Hotbar\eskin\empty_bg_st.htm
C:\Documents and Settings\Administrator\Application Data\Hotbar\eskin\FileManager.txt
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385540.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385641.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385972.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1385982.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386047.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386476.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386485.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386864.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1386960.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387268.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387588.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387599.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387616.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387730.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388210.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388545.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1388784.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1389024.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390246.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1390311.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1391146.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1391287.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1394575.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1395796.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1396019.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1396049.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1398905.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1399269.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400305.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1400879.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401556.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401892.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401904.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402011.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402096.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402144.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402203.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402281.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402309.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1402815.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1403243.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1409567.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1409712.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1410801.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1411808.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1411931.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1415279.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1420310.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\144107.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\144914.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\144984.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1511728.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1583478.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\161666.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\16496.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\166334.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\175641.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\18255.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\184307.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\187725.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\1880153.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2120049.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\213432.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2208946.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2208948.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2255783.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\227890.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2320255.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\237280.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2451.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2492301.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\250519.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2609734.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2612474.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2613409.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2647529.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2661002.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\267132.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2750587.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\275851.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2763070.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2769559.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\280957.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2820603.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\286877.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2879456.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2879832.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2881352.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2883899.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2883904.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2883909.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2883915.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884302.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884305.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884308.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884309.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884318.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884322.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884324.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884330.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884426.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884480.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884488.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884503.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2884513.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2885061.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2885069.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2891898.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2893328.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2894081.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\289651.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2897195.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2897220.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899580.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899601.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899615.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899625.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899635.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2899639.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2901975.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\2903515.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\291520.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\302932.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\315863.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\324902.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\324915.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\3305670.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\330983.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\332144.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\334490.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\339418.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\344723.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\346907.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\358861.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\36472.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\367054.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\369037.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\369344.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\378900.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\381837.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\38249.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\387979.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\397946.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\417435.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\418335.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\420374.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\425227.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\444801.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\462781.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\475389.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\476068.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\48657.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\491501.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\499863.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\501371.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\504767.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\506745.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\528335.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\530291.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\530345.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\53274.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\54119.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\573421.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\575671.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\600583.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\605226.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\609636.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\614021.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\614280.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\625696.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\639036.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\642274.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\645496.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\647388.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\657900.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\660152.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\666117.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\668965.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\671709.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\675776.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\677706.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\683746.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\691517.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\693626.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\694434.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\698464.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\704748.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\70821.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\720992.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\722590.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\727903.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\731481.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\737654.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\757168.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\761357.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\777882.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\778482.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\78120.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\793537.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\798195.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\805478.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\806922.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\807019.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\808373.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\819382.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\821245.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\82316.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\82486.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\829423.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\832459.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\839078.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\84462.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\854296.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\859800.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\861318.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\865123.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\875256.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\87573.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\876812.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\880604.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\881468.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\890068.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\897097.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\898007.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\899349.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\906156.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\911831.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\917822.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\920086.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\921771.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\923426.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\924190.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\924955.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\925596.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\939171.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\943469.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\948149.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\948597.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\951083.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\952211.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\956277.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\962452.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\983788.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\985671.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\996619.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\997757.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\99904.sdf
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\330e.dat
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10104
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10110
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10175
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\103257
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1050
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10748
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10756
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10793
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\10807
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11028
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11208
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11213
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11263
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1130
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11390
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11637
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11721
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\118207
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\118375
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11997
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12017
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12486
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1258
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13061
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\130965
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\130999
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1337
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13546
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13562
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13587
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13613
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13615
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13617
C:\Documents and Settings\Administrator\Application Data\Hotbar\v3.0\Hotbar\dynamic\Tooltip



Edited by newcomer21, 16 March 2008 - 09:03 PM.

  • 0

#4
harrythook

harrythook

    Trusted Helper

  • Retired Staff
  • 2,618 posts
Hey newcomer21,

Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

R3 - URLSearchHook: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L7WFK1BB\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [NJv7jy] "C:\WINNT\system32\dgfgql.exe"
O4 - HKLM\..\Run: [RegPowerClean] "C:\Program Files\Winferno\RegistryPowerCleaner\RegPowerClean.exe"
O4 - HKLM\..\Run: [{E3-3C-C8-8E-ZN}] C:\winnt\system32\qjdsrngs.exe CORN001
O4 - HKLM\..\Run: [vptlgrlA] C:\WINNT\vptlgrlA.exe
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Service Pack 1] C:\WINNT\system32\vedxg6ame4.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Service Pack 1] C:\WINNT\system32\vedxg6ame4.exe (User 'NETWORK SERVICE')
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...tup1.0.0.15.cab
O20 - Winlogon Notify: mljihhf - mljihhf.dll (file missing)
O20 - Winlogon Notify: mlljh - C:\WINNT\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINNT\system32\mllji.dll (file missing)
O20 - Winlogon Notify: winydp32 - winydp32.dll (file missing)
O24 - Desktop Component 0: (no name) - http://file016.bebo....b395413599s.jpg


Click on Fix Checked when finished and exit HijackThis.

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\Program Files\BearShare applications
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L7WFK1BB\WinFixer2005ScannerInstall[1].exe
    C:\WINNT\system32\dgfgql.exe
    C:\Program Files\Winferno
    C:\winnt\system32\qjdsrngs.exe
    C:\WINNT\vptlgrlA.exe
    C:\WINNT\system32\vedxg6ame4.exe
    C:\WINNT\system32\mlljh.dll
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    purity
  • Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot, choose Yes.

Run ComboFix again and post the results.

Harry

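The O4 and O20 lines Harry picked out above share a few structural tells rather than known file names: a launch path under Temporary Internet Files, an autostart stored under the LOCAL SERVICE or NETWORK SERVICE hive (HKUS\S-1-5-19 / S-1-5-20), an entry name that borrows Windows-update wording, a Winlogon Notify DLL that no longer exists on disk, and random-looking executable names in system32. The script below is an editor-added example, not part of the thread and not HijackThis' own logic; it applies those checks to a handful of lines copied from the logs in this thread (plus three benign ones from the same logs for contrast). The vowel-ratio cut-off in looks_random is an assumption, tuned so that svchost, ctfmon and qttask pass; in practice it would sit beside an allow-list of known binaries.

```python
"""Triage HijackThis O4 (Run-key) and O20 (Winlogon Notify) lines for the
indicators that made the entries in this thread worth fixing.
Editor-added example; the heuristics are the editor's, not HijackThis logic."""
from __future__ import annotations

import re

# Sample input: lines copied from the HijackThis logs in this thread, plus
# three benign entries from the same logs for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NI.UWFX5] "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L7WFK1BB\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [NJv7jy] "C:\WINNT\system32\dgfgql.exe"
O4 - HKLM\..\Run: [{E3-3C-C8-8E-ZN}] C:\winnt\system32\qjdsrngs.exe CORN001
O4 - HKUS\S-1-5-19\..\Run: [Windows update loader] C:\Windows\xpupdate.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Service Pack 1] C:\WINNT\system32\vedxg6ame4.exe (User 'NETWORK SERVICE')
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O20 - Winlogon Notify: mlljh - C:\WINNT\system32\mlljh.dll (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
"""

# "O4 - <hive>\..\Run: [<name>] <command> (User '<user>')" with the user part optional.
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\\\.\.\\Run: \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '(?P<user>[^']*)'\))?$")
# "O20 - Winlogon Notify: <name> - <dll path> (file missing)" with the suffix optional.
O20_RE = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
# First token of the command line that ends in an executable extension.
PATH_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|scr|com|bat|cmd|pif))', re.IGNORECASE)

SERVICE_SIDS = ("S-1-5-19", "S-1-5-20")  # LOCAL SERVICE, NETWORK SERVICE
IMPERSONATION = re.compile(r"service pack|windows update", re.IGNORECASE)
VOWELS = set("aeiou")


def stem_of(path: str) -> str:
    """File name without directory or extension; handles Windows paths on any host."""
    base = path.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rsplit(".", 1)[0]


def looks_random(stem: str) -> bool:
    """Rough test for machine-generated names such as dgfgql or qjdsrngs:
    five or more letters with almost no vowels. The 0.13 cut-off is an
    assumption chosen so svchost, ctfmon and qttask are not flagged."""
    letters = [c for c in stem.lower() if c.isalpha()]
    if len(letters) < 5:
        return False
    return sum(c in VOWELS for c in letters) / len(letters) < 0.13


def triage_o4(m: re.Match) -> list[str]:
    """Indicators for one Run-key entry."""
    hive, name, cmd = m["hive"], m["name"], m["cmd"]
    pm = PATH_RE.match(cmd)
    path = pm["path"] if pm else cmd.strip('"')
    low = path.lower()
    reasons = []
    if "temporary internet files" in low or "\\temp\\" in low:
        reasons.append("launches from a browser cache or temp directory")
    if any(sid in hive for sid in SERVICE_SIDS):
        reasons.append(f"autostart under a service-account hive ({m['user'] or hive})")
    if IMPERSONATION.search(name):
        reasons.append("entry name impersonates a Windows update component")
    if looks_random(stem_of(path)):
        reasons.append(f"random-looking executable name ({stem_of(path)})")
    return reasons


def triage_o20(m: re.Match) -> list[str]:
    """Indicators for one Winlogon Notify entry."""
    reasons = []
    if m["missing"]:
        reasons.append("Winlogon Notify DLL no longer exists: dangling persistence key")
    if looks_random(stem_of(m["path"])):
        reasons.append(f"random-looking DLL name ({stem_of(m['path'])})")
    return reasons


def triage(log_text: str) -> dict[str, list[str]]:
    """Map each suspicious O4/O20 line to the reasons it was flagged.
    Lines with no indicator, and lines of other types, are omitted."""
    findings: dict[str, list[str]] = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if (m := O4_RE.match(line)):
            reasons = triage_o4(m)
        elif (m := O20_RE.match(line)):
            reasons = triage_o20(m)
        else:
            continue
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for r in reasons:
            print("   ->", r)
```

Run as-is it prints the six flagged lines from the sample with their reasons and stays silent on jusched, ctfmon and SASWINLO. The dangling O20 entries are worth a note: the DLL being absent does not make the registry value harmless, because Winlogon will load it the moment anything drops a file of that name back in place, which is why Harry has them ticked for removal even though the file is missing.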
#5 newcomer21 (Topic Starter, Member, 121 posts)
Harry,

OTMoveIt log:

C:\Program Files\BearShare applications\BearShare\Skins\Images moved successfully.
C:\Program Files\BearShare applications\BearShare\Skins moved successfully.
C:\Program Files\BearShare applications\BearShare\HTML moved successfully.
C:\Program Files\BearShare applications\BearShare moved successfully.
C:\Program Files\BearShare applications moved successfully.
File/Folder C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L7WFK1BB\WinFixer2005ScannerInstall[1].exe not found.
File/Folder C:\WINNT\system32\dgfgql.exe not found.
File/Folder C:\Program Files\Winferno not found.
File/Folder C:\winnt\system32\qjdsrngs.exe not found.
File/Folder C:\WINNT\vptlgrlA.exe not found.
File/Folder C:\WINNT\system32\vedxg6ame4.exe not found.
File/Folder C:\WINNT\system32\mlljh.dll not found.
[Custom Input]
< purity >

OTMoveIt2 by OldTimer - Version 1.0.21 log created on 03182008_190932

Here are my other two logs.

ComboFix:

ComboFix 08-03-14.4 - Band 2008-03-17 21:26:46.2 - NTFSx86
Running from: C:\Documents and Settings\Band\Desktop\Fix Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-18 to 2008-03-18 )))))))))))))))))))))))))))))))
.

2008-03-17 21:18 . 2008-03-17 21:18 <DIR> d-------- C:\_OTMoveIt
2008-03-12 09:23 . 2008-03-12 09:38 3,458 --a------ C:\WINNT\system32\tmp.reg
2008-03-12 09:22 . 2007-09-05 23:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-03-12 09:22 . 2006-04-27 16:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-03-12 09:22 . 2008-03-09 01:15 86,528 --a------ C:\WINNT\system32\VACFix.exe
2008-03-12 09:22 . 2008-03-05 22:29 82,432 --a------ C:\WINNT\system32\IEDFix.exe
2008-03-12 09:22 . 2003-06-05 20:13 53,248 --a------ C:\WINNT\system32\Process.exe
2008-03-12 09:22 . 2004-07-31 17:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-03-12 09:22 . 2007-10-03 23:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-03-09 09:46 . 2008-03-09 09:46 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-08 23:08 . 2007-07-30 20:19 271,224 --a------ C:\WINNT\system32\mucltui.dll
2008-03-08 23:08 . 2007-07-30 20:19 30,072 --a------ C:\WINNT\system32\mucltui.dll.mui
2008-03-08 17:46 . 2008-03-08 17:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 13:14 . 2007-06-05 11:56 44,928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS
2008-03-08 11:27 . 2007-06-08 10:44 8,576 --a------ C:\WINNT\system32\drivers\shdkodudebgq.sys
2008-03-08 08:55 . 2008-03-08 15:17 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-03-08 00:08 . 2008-03-08 00:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-08 00:01 . 2008-03-08 00:01 <DIR> d-------- C:\Documents and Settings\Band\Application Data\Grisoft
2008-03-08 00:01 . 2007-05-30 07:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-07 21:48 . 2007-12-06 21:21 6,066,176 --------- C:\WINNT\system32\dllcache\ieframe.dll
2008-03-07 21:48 . 2007-06-30 22:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2008-03-07 21:48 . 2007-06-30 22:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2008-03-07 21:48 . 2007-12-06 21:21 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2008-03-07 21:48 . 2007-12-06 21:21 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2008-03-07 21:48 . 2007-12-06 21:21 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2008-03-07 21:48 . 2007-12-06 21:21 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2008-03-07 21:48 . 2007-12-06 21:21 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2008-03-07 21:48 . 2007-12-06 06:00 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2008-03-07 20:46 . 2008-03-07 20:46 <DIR> d-------- C:\Documents and Settings\Band\Application Data\MSN6
2008-03-07 20:46 . 2008-03-07 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-07 19:39 . 2008-03-07 19:39 <DIR> d-------- C:\WINNT\ERUNT
2008-03-07 19:33 . 2008-03-07 20:10 <DIR> d-------- C:\SDFix
2008-03-06 12:29 . 2008-03-13 06:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Documents and Settings\Band\Application Data\SUPERAntiSpyware.com
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-12 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 23:18 --------- d-----w C:\Documents and Settings\Band\Application Data\AVG7
2008-03-08 22:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 22:16 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-03-08 22:16 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 22:14 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-08 19:46 --------- d-----w C:\Program Files\Winamp
2008-03-08 19:40 --------- d-----w C:\Program Files\QuickTime
2008-03-08 19:33 --------- d-----w C:\Program Files\Microsoft Location Finder
2008-03-08 04:07 --------- d-----w C:\Program Files\The Weather Channel FW
2008-03-08 03:28 --------- d-----w C:\Program Files\Java
2008-01-11 05:53 44,544 ------w C:\WINNT\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINNT\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINNT\system32\dllcache\mrxdav.sys
2007-08-14 18:36 334 ----a-w C:\Documents and Settings\Band\Application Data\internaldb1942.dat
2007-08-14 18:14 524 ----a-w C:\Documents and Settings\Band\Application Data\internaldb6121.dat
2007-08-14 18:14 20,480 ----a-w C:\Documents and Settings\Band\Application Data\internaldb4827.dat
2007-04-27 15:19 42,464 ----a-w C:\Documents and Settings\Band\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 22:21 0 ----a-w C:\Documents and Settings\Band\Application Data\internaldb5436.dat
2005-12-07 16:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-02-09 19:16 17,552 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-08-14 18:24 6,421 --sha-w C:\WINNT\system32\hjllm.bak1
2007-08-14 18:15 1,707,053 --sha-w C:\WINNT\system32\ijllm.bak2
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 14:22 121640]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 08:18 68856]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-05-23 10:41 1798656]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-07 21:18 1481968]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-02 15:12 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-21 15:53 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 12:38 35328]
"au"="C:\Program Files\Dealio\DealioAU.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-07 20:50 579072]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-07 20:50 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINNT\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Band^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Band\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINNT\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Band^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Band\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINNT\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
C:\WINNT\system32\qwinkrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]
C:\\gimmysmileys1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 00:20 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
C:\\keyboard1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktvhmzs]
c:\winnt\system32\ktvhmzs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ML1HelperStartUp]
C:\PROGRA~1\MIDNIG~1\ML1HEL~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\morphstb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
C:\\mousepad1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms055918214175]
C:\WINNT\ms055918214175.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 05:50 155648 C:\WINNT\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 05:50 155648 C:\WINNT\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NJv7jy]
C:\WINNT\system32\dgfgql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njwieycA]
C:\WINNT\njwieycA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-06-13 11:31 4734976 C:\WINNT\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-21 15:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvvktupi]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
C:\WINNT\SYSC00.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-03-02 15:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

S1 SysPCI;SysPCI;C:\WINNT\system32\drivers\wstsapnp9.sys [2005-09-19 06:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2005-01-19 21:24:30 C:\WINNT\Tasks\ISP signup reminder 2.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 21:29:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-17 21:31:07
ComboFix-quarantined-files.txt 2008-03-18 02:30:52
ComboFix2.txt 2008-03-17 02:42:25
.
2008-03-17 10:48:41 --- E O F ---


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:39:05 PM, on 3/17/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Microsoft Location Finder\LocationFinder.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\explorer.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wbsd.k12.ms.us/default.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files\BearShare applications\BearShare MediaBar\MediaBar.dll (file missing)
O3 - Toolbar: Dealio - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [au] C:\Program Files\Dealio\DealioAU.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Location Finder] "C:\Program Files\Microsoft Location Finder\LocationFinder.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\aro.exe -rem
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'Default user')
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Compare Prices with &Dealio - C:\Program Files\Dealio\kb106\res\DealioSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINNT\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Dealio - {E908B145-C847-4e85-B315-07E2E70DECF8} - C:\Program Files\Dealio\kb106\Dealio.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=67633
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1205015352312
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files\Cheetah Burner\Cheetah CD Burner\NMSAccess.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

--
End of file - 7781 bytes

Edited by newcomer21, 18 March 2008 - 06:10 PM.


#6 harrythook (Trusted Helper, Retired Staff, 2,618 posts)
Hey newcomer21,
Looking a bit better there. Please give me a status report.

There are some items in the registry we should remove; I will give direction on that as soon as I hear what's going on there now :)

Harry

#7 harrythook (Trusted Helper, Retired Staff, 2,618 posts)
Let's run this:
  • 1 - Flash Drive Disinfector
    Download Flash_Disinfector.exe by sUBs from >here< and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives including your mobile phone. Please do so and allow the utility to clean up those drives as well.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and on every USB drive plugged in when you ran it. Don't delete this folder; it will help protect your drives from future infection.

ComboFix one more time :)

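The protective folder Harry describes works because Windows will not create a file where a directory of the same name already exists, so a worm on an infected stick cannot write its autorun.inf back onto the drive root. The script below is an editor-added example, not sUBs' Flash_Disinfector and not code from this thread; it performs the same two steps on a single drive root: read and quarantine an existing autorun.inf file (reporting what Explorer would have launched from it), then plant the autorun.inf directory in its place. The hidden/system/read-only attributes are applied only on Windows through SetFileAttributesW; on other hosts the directory alone is created. The sample autorun.inf content is constructed for the demo and is not a copy of any real sample.

```python
"""Neutralise a drive-root autorun.inf and plant the protective folder of the
kind Flash_Disinfector leaves behind. Editor-added example, not sUBs' code."""
from __future__ import annotations

import os
import sys
import tempfile

# Constructed sample in the style of a removable-drive worm's autorun.inf
# (not copied from any real sample); note the junk line and the mixed case.
SAMPLE_AUTORUN = r"""[AutoRun]
; constructed example
open=RECYCLER\setup.exe
shell\open\Command=RECYCLER\setup.exe
shell\explore=Explore
shellexecute=RECYCLER\setup.exe
garbage line with no delimiter
icon=%SystemRoot%\system32\shell32.dll,4
"""


def parse_autorun(text: str) -> dict[str, str]:
    """Return only the keys that make Explorer launch something: open=,
    shellexecute= and shell\\<verb>\\command=. Hand-written rather than
    configparser so the junk lines malware adds to upset stricter parsers
    are simply skipped. Only the [autorun] section is read; keys are lower-cased."""
    launch: dict[str, str] = {}
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in ("open", "shellexecute") or (
                key.startswith("shell\\") and key.endswith("\\command")):
            launch[key] = value
    return launch


def hide_on_windows(path: str) -> None:
    """Mark the placeholder hidden+system+read-only. Windows-only; elsewhere
    the directory by itself is still enough to block the file name."""
    if sys.platform == "win32":
        import ctypes
        READONLY, HIDDEN, SYSTEM = 0x1, 0x2, 0x4  # FILE_ATTRIBUTE_* constants
        ctypes.windll.kernel32.SetFileAttributesW(path, READONLY | HIDDEN | SYSTEM)


def disinfect_root(root: str) -> dict:
    """One drive root: quarantine an autorun.inf *file* (renamed to .bak so
    Explorer no longer honours it but an analyst can still read it) and
    create an autorun.inf *directory* so no file of that name can return."""
    target = os.path.join(root, "autorun.inf")
    report = {"launch": {}, "quarantined": None, "planted": False}
    if os.path.isfile(target):
        with open(target, "r", errors="replace") as fh:
            report["launch"] = parse_autorun(fh.read())
        backup = target + ".bak"
        os.replace(target, backup)
        report["quarantined"] = backup
    if not os.path.isdir(target):
        os.mkdir(target)
        hide_on_windows(target)
        report["planted"] = True
    return report


def demo() -> tuple[dict, dict]:
    """Run against a temporary 'drive root' seeded with SAMPLE_AUTORUN; the
    second pass shows an existing placeholder is left alone."""
    root = tempfile.mkdtemp(prefix="fakeusb_")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write(SAMPLE_AUTORUN)
    first = disinfect_root(root)
    second = disinfect_root(root)
    return first, second


if __name__ == "__main__":
    first, second = demo()
    print("would have launched:", first["launch"])
    print("quarantined to:", first["quarantined"], "| placeholder planted:", first["planted"])
    print("second pass planted:", second["planted"])
```

Two caveats a practitioner would want. The placeholder only blocks the file name; it does nothing about a worm already running from the stick, and the .bak copy should be treated as evidence rather than deleted. And Windows itself stopped honouring autorun.inf on USB media once the AutoRun update (KB971029) was pushed through Windows Update in 2011, so on a patched system the folder is belt-and-braces rather than the main defence.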
#8 newcomer21 (Topic Starter, Member, 121 posts)
Latest ComboFix log:

ComboFix 08-03-14.4 - Band 2008-03-18 20:59:20.3 - NTFSx86
Running from: C:\Documents and Settings\Band\Desktop\Fix Programs\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-02-19 to 2008-03-19 )))))))))))))))))))))))))))))))
.

2008-03-17 21:18 . 2008-03-17 21:18 <DIR> d-------- C:\_OTMoveIt
2008-03-12 09:23 . 2008-03-12 09:38 3,458 --a------ C:\WINNT\system32\tmp.reg
2008-03-12 09:22 . 2007-09-05 23:22 289,144 --a------ C:\WINNT\system32\VCCLSID.exe
2008-03-12 09:22 . 2006-04-27 16:49 288,417 --a------ C:\WINNT\system32\SrchSTS.exe
2008-03-12 09:22 . 2008-03-09 01:15 86,528 --a------ C:\WINNT\system32\VACFix.exe
2008-03-12 09:22 . 2008-03-05 22:29 82,432 --a------ C:\WINNT\system32\IEDFix.exe
2008-03-12 09:22 . 2003-06-05 20:13 53,248 --a------ C:\WINNT\system32\Process.exe
2008-03-12 09:22 . 2004-07-31 17:50 51,200 --a------ C:\WINNT\system32\dumphive.exe
2008-03-12 09:22 . 2007-10-03 23:36 25,600 --a------ C:\WINNT\system32\WS2Fix.exe
2008-03-09 09:46 . 2008-03-09 09:46 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-03-08 23:08 . 2007-07-30 20:19 271,224 --a------ C:\WINNT\system32\mucltui.dll
2008-03-08 23:08 . 2007-07-30 20:19 30,072 --a------ C:\WINNT\system32\mucltui.dll.mui
2008-03-08 17:46 . 2008-03-08 17:46 <DIR> d-------- C:\Program Files\Trend Micro
2008-03-08 13:14 . 2007-06-05 11:56 44,928 --a------ C:\WINNT\system32\drivers\SDTHOOK.SYS
2008-03-08 11:27 . 2007-06-08 10:44 8,576 --a------ C:\WINNT\system32\drivers\shdkodudebgq.sys
2008-03-08 08:55 . 2008-03-08 15:17 <DIR> d-------- C:\WINNT\system32\ActiveScan
2008-03-08 00:08 . 2008-03-08 00:08 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Grisoft
2008-03-08 00:01 . 2008-03-08 00:01 <DIR> d-------- C:\Documents and Settings\Band\Application Data\Grisoft
2008-03-08 00:01 . 2007-05-30 07:10 10,872 --a------ C:\WINNT\system32\drivers\AvgAsCln.sys
2008-03-07 21:48 . 2007-12-06 21:21 6,066,176 --------- C:\WINNT\system32\dllcache\ieframe.dll
2008-03-07 21:48 . 2007-06-30 22:31 2,455,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dat
2008-03-07 21:48 . 2007-06-30 22:36 991,232 --------- C:\WINNT\system32\dllcache\ieframe.dll.mui
2008-03-07 21:48 . 2007-12-06 21:21 459,264 --------- C:\WINNT\system32\dllcache\msfeeds.dll
2008-03-07 21:48 . 2007-12-06 21:21 383,488 --------- C:\WINNT\system32\dllcache\ieapfltr.dll
2008-03-07 21:48 . 2007-12-06 21:21 267,776 --------- C:\WINNT\system32\dllcache\iertutil.dll
2008-03-07 21:48 . 2007-12-06 21:21 63,488 --------- C:\WINNT\system32\dllcache\icardie.dll
2008-03-07 21:48 . 2007-12-06 21:21 52,224 --------- C:\WINNT\system32\dllcache\msfeedsbs.dll
2008-03-07 21:48 . 2007-12-06 06:00 13,824 --------- C:\WINNT\system32\dllcache\ieudinit.exe
2008-03-07 20:46 . 2008-03-07 20:46 <DIR> d-------- C:\Documents and Settings\Band\Application Data\MSN6
2008-03-07 20:46 . 2008-03-07 20:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-03-07 19:39 . 2008-03-07 19:39 <DIR> d-------- C:\WINNT\ERUNT
2008-03-07 19:33 . 2008-03-07 20:10 <DIR> d-------- C:\SDFix
2008-03-06 12:29 . 2008-03-13 06:27 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Documents and Settings\Band\Application Data\SUPERAntiSpyware.com
2008-03-06 12:29 . 2008-03-06 12:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-12 13:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-03-12 13:00 --------- d-----w C:\Documents and Settings\LocalService\Application Data\AVG7
2008-03-08 23:18 --------- d-----w C:\Documents and Settings\Band\Application Data\AVG7
2008-03-08 22:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-08 22:16 --------- d--h--r C:\Documents and Settings\All Users\Application Data\yahoo!
2008-03-08 22:16 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 22:14 --------- d-----w C:\Program Files\Common Files\Scanner
2008-03-08 19:46 --------- d-----w C:\Program Files\Winamp
2008-03-08 19:40 --------- d-----w C:\Program Files\QuickTime
2008-03-08 19:33 --------- d-----w C:\Program Files\Microsoft Location Finder
2008-03-08 04:07 --------- d-----w C:\Program Files\The Weather Channel FW
2008-03-08 03:28 --------- d-----w C:\Program Files\Java
2008-01-11 05:53 44,544 ------w C:\WINNT\system32\dllcache\pngfilt.dll
2007-12-19 23:01 347,136 ------w C:\WINNT\system32\dllcache\dxtmsft.dll
2007-08-14 18:36 334 ----a-w C:\Documents and Settings\Band\Application Data\internaldb1942.dat
2007-08-14 18:14 524 ----a-w C:\Documents and Settings\Band\Application Data\internaldb6121.dat
2007-08-14 18:14 20,480 ----a-w C:\Documents and Settings\Band\Application Data\internaldb4827.dat
2007-04-27 15:19 42,464 ----a-w C:\Documents and Settings\Band\Application Data\GDIPFONTCACHEV1.DAT
2006-12-08 22:21 0 ----a-w C:\Documents and Settings\Band\Application Data\internaldb5436.dat
2005-12-07 16:02 774,144 ----a-w C:\Program Files\RngInterstitial.dll
2005-02-09 19:16 17,552 ----a-w C:\Documents and Settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2007-08-14 18:24 6,421 --sha-w C:\WINNT\system32\hjllm.bak1
2007-08-14 18:15 1,707,053 --sha-w C:\WINNT\system32\ijllm.bak2
.

((((((((((((((((((((((((((((( snapshot@2008-03-16_21.41.18.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-18 23:35:19 3,580 ----a-w C:\WINNT\SoftwareDistribution\EventCache\{987FFA70-1ACC-4E76-9C21-8E499329B5EC}.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Location Finder"="C:\Program Files\Microsoft Location Finder\LocationFinder.exe" [2006-11-14 14:22 121640]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-14 08:18 68856]
"AROReminder"="C:\Program Files\Advanced Registry Optimizer\aro.exe" [2007-05-23 10:41 1798656]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-03-07 21:18 1481968]
"ctfmon.exe"="C:\WINNT\system32\ctfmon.exe" [2004-08-04 02:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-03-02 15:12 180269]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-03-21 15:53 98304]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2006-11-21 12:38 35328]
"au"="C:\Program Files\Dealio\DealioAU.exe" [ ]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2008-03-07 20:50 579072]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2008-03-07 20:50 219136]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2005-04-25 14:45 36040]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoControlPanel"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=C:\WINNT\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GStartup.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
backup=C:\WINNT\pss\GStartup.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINNT\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Band^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Band\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINNT\pss\LimeWire On Startup.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Band^Start Menu^Programs^Startup^Zeno.lnk]
path=C:\Documents and Settings\Band\Start Menu\Programs\Startup\Zeno.lnk
backup=C:\WINNT\pss\Zeno.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]
c:\program files\altnet\points manager\points manager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BearShare]
C:\Program Files\BearShare\BearShare.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]
C:\WINNT\system32\qwinkrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BullsEye Network]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
c:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]
C:\\gimmysmileys1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2004-12-18 00:20 278528 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
C:\\keyboard1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktvhmzs]
c:\winnt\system32\ktvhmzs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ML1HelperStartUp]
C:\PROGRA~1\MIDNIG~1\ML1HEL~1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\morphstb]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
C:\\mousepad1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms055918214175]
C:\WINNT\ms055918214175.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
-ra------ 2001-07-09 05:50 155648 C:\WINNT\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
-ra------ 2001-07-09 05:50 155648 C:\WINNT\System32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NJv7jy]
C:\WINNT\system32\dgfgql.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njwieycA]
C:\WINNT\njwieycA.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2003-06-13 11:31 4734976 C:\WINNT\System32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\outlook]
C:\Program Files\outlook\outlook.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-21 15:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvvktupi]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2003-10-31 20:42 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Symantec NetDriver Monitor]
C:\PROGRA~1\SYMNET~1\SNDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
C:\WINNT\SYSC00.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2005-03-02 15:12 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=

S1 SysPCI;SysPCI;C:\WINNT\system32\drivers\wstsapnp9.sys [2005-09-19 06:42]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2005-01-19 21:24:30 C:\WINNT\Tasks\ISP signup reminder 2.job"
- C:\WINNT\System32\OOBE\oobebaln.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-18 21:02:01
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-18 21:03:09
ComboFix-quarantined-files.txt 2008-03-19 02:03:01
ComboFix2.txt 2008-03-18 02:31:08
ComboFix3.txt 2008-03-17 02:42:25
.
2008-03-17 10:48:41 --- E O F ---

#9
harrythook
    Trusted Helper
  • Retired Staff
  • 2,618 posts
Hey newcomer21,
Good to see you in chat, it's helpful sometimes to talk in real time :)

Let's do this:

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    C:\WINNT\SYSC00.exe
    C:\WINNT\njwieycA.exe
    C:\WINNT\system32\dgfgql.exe
    C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
    C:\PROGRA~1\MIDNIG~1\ML1HEL~1.exe
    C:\\mousepad1.exe
    c:\winnt\system32\ktvhmzs.exe
    C:\\keyboard1.exe
    C:\\gimmysmileys1.exe
    C:\WINNT\system32\qwinkrag.exe
    c:\program files\altnet\points manager\points manager.exe
    C:\Documents and Settings\Band\Start Menu\Programs\Startup\Zeno.lnk
    C:\WINNT\pss\Zeno.lnkStartup
    Startup.lnk
    C:\Documents and Settings\Band\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    C:\WINNT\pss\LimeWire On Startup.lnkStartup
    Menu^Programs^Startup^GStartup.lnk
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\GStartup.lnk
    C:\WINNT\pss\GStartup.lnkCommon Startup
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


The steps that I am about to suggest involve modifying the registry. Modifying the registry can be dangerous, so we will make a backup of the registry first.
Modification of the registry can be EXTREMELY dangerous if you do not know exactly what you are doing, so follow the steps that are listed below EXACTLY. If you cannot perform some of these steps, or if you have ANY questions, please ask BEFORE proceeding.

Backing Up Your Registry
  • Go Here and download ERUNT
    (ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
  • Install ERUNT by following the prompts
    (use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
  • Start ERUNT
    (either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
  • Choose a location for the backup
    (the default location is C:\WINDOWS\ERDNT which is acceptable).
  • Make sure that at least the first two check boxes are ticked
  • Press OK
  • Press YES to create the folder.
Registry Modifications

Next, lets remove the unwanted items.
Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Save it to your desktop as fixit.reg (file type = any).

REGEDIT4

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor] 

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\njwieycA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NJv7jy]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MyWebSearch Email Plugin]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ML1HelperStartUp]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktvhmzs]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\gimmysmileys]

; msconfig\startupreg subkeys hold the command line as data of a value named "command",
; not as a value named after the path, so this key is removed whole like the others.
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserUpdateSched]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AltnetPointsManager]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\qvvktupi]

[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\morphstb]

NOTICE: This file was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Locate fixit.reg on your Desktop and double-click on it.
You will receive a prompt similar to: "Do you wish to merge the information into the registry?".
Answer "Yes" and wait for a message to appear similar to "Merged Successfully".

Please reply back letting me know if it merged correctly.

Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your real-time protection or antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.

Of course, a fresh HJT log please!
Harry

Edited by harrythook, 19 March 2008 - 04:27 AM.

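Harry's fix above hand-picks msconfig\startupreg keys from the ComboFix "Reg Loading Points" section and deletes each one with a `[-KEY]` line. The script below is an added example, not something from the thread, from ComboFix or from OTMoveIt: it parses that section (the sample lines are constructed in ComboFix's layout from paths seen in the log), flags entries with a few heuristics that are this example's own assumptions (executable sitting in the drive root or directly in the Windows directory, consonant-only or digit-heavy file names, an msconfig entry with no command recorded), and emits the REGEDIT4 deletion file. The heuristics are a triage aid only: qwinkrag.exe in system32 has a pronounceable name and would pass every check, so a pass like this supplements rather than replaces review of the full list.

```python
"""Triage ComboFix "Reg Loading Points" entries and emit a REGEDIT4 deletion file.

Added example for this thread, not a tool the helper used; the scoring
heuristics are this example's own assumptions, not ComboFix's.
"""
import re

# Constructed sample in ComboFix layout, modelled on the msconfig\startupreg
# entries shown earlier in the thread (KAZAA has no command line, as in the log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ktvhmzs]
c:\winnt\system32\ktvhmzs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mousepad]
C:\\mousepad1.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2005-03-21 15:53 98304 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KAZAA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ms055918214175]
C:\WINNT\ms055918214175.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
# First drive-letter path ending in an executable extension; ComboFix may prefix
# it with attributes, date and size ("--a------ 2005-03-21 15:53 98304 ...").
PATH_RE = re.compile(r"([A-Za-z]:\\.*?\.(?:exe|dll|com|scr|pif|bat))", re.IGNORECASE)
WINDIRS = {"c:\\winnt", "c:\\windows"}
VOWELS = set("aeiouy")


def parse_startupreg(log_text):
    """Return [(key, command_path_or_None), ...] in log order."""
    entries = []
    key = None
    for line in log_text.splitlines():
        m = KEY_RE.match(line)
        if m:
            if key is not None:          # previous key had no command line
                entries.append((key, None))
            key = m.group(1)
            continue
        if key is not None and line.strip():
            pm = PATH_RE.search(line)
            entries.append((key, pm.group(1) if pm else line.strip()))
            key = None
    if key is not None:
        entries.append((key, None))
    return entries


def triage(path):
    """Return the list of heuristic reasons this autostart path looks suspicious."""
    reasons = []
    if path is None:
        return ["no command recorded (stale msconfig entry)"]
    norm = re.sub(r"\\+", r"\\", path).lower()      # collapse "C:\\x.exe" to "c:\x.exe"
    directory, _, filename = norm.rpartition("\\")
    stem = filename.rsplit(".", 1)[0]
    if directory.endswith(":"):
        reasons.append("executable in drive root")
    if directory in WINDIRS:
        reasons.append("executable directly in Windows directory")
    letters = [c for c in stem if c.isalpha()]
    if len(letters) >= 4 and not (set(letters) & VOWELS):
        reasons.append("consonant-only name")
    digits = sum(c.isdigit() for c in stem)
    if len(stem) >= 6 and digits / len(stem) >= 0.5:
        reasons.append("digit-heavy name")
    return reasons


def flagged_keys(log_text):
    """Return [(key, path, reasons), ...] for entries that tripped at least one check."""
    out = []
    for key, path in parse_startupreg(log_text):
        reasons = triage(path)
        if reasons:
            out.append((key, path, reasons))
    return out


def build_reg(keys):
    """Emit a REGEDIT4 file; a leading '-' inside the brackets deletes the whole key."""
    lines = ["REGEDIT4", ""]
    for key in keys:
        lines.append(f"[-{key}]")
        lines.append("")
    return "\r\n".join(lines)


if __name__ == "__main__":
    flagged = flagged_keys(SAMPLE_LOG)
    for key, path, reasons in flagged:
        print(key.rsplit("\\", 1)[1], "->", path, "|", "; ".join(reasons))
    print(build_reg([key for key, _, _ in flagged]))
```

Review the flagged list before merging anything: the checks are meant to shorten the list a human reads, and the generated file should be merged only after an ERUNT backup, exactly as the post describes.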

#10
newcomer21
    Member
  • Topic Starter
  • Member
  • 121 posts
It did merge correctly for the reg fix.

My two logs are attached. :)


Edited by newcomer21, 21 March 2008 - 06:00 AM.


#11
harrythook
    Trusted Helper
  • Retired Staff
  • 2,618 posts
Hey newcomer21,
A little more clean-up. You should go to add/remove programs, remove all Google toolbar entries, and reinstall if you use it (after we are finished)

Start OTScanIt. Copy/Paste the information in the Code box below into the pane where it says "Paste fix here" and then click the Run Fix button.


[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> au -> %ProgramFiles%\Dealio\DealioAU.exe
YN -> YSearchProtection -> %ProgramFiles%\Yahoo!\Search Protection\SearchProtection.exe
< Run [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> AROReminder -> %ProgramFiles%\Advanced Registry Optimizer\ARO.exe
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5C4C24D0-28B6-4B6B-B70F-E09848367F10} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer Bars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {32683183-48a0-441b-a342-7c2a440a9478} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google]
YN -> {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BearShare applications\BearShare MediaBar\MediaBar.dll [BearShare MediaBar]
YN -> {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> ShellBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BearShare applications\BearShare MediaBar\MediaBar.dll [BearShare MediaBar]
YY -> WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google]
YN -> WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> WebBrowser\\{D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\BearShare applications\BearShare MediaBar\MediaBar.dll [BearShare MediaBar]
YN -> WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {E908B145-C847-4e85-B315-07E2E70DECF8}:{9F038672-0425-4792-BC9C-36DE3308E8AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\
YN -> CmdMapping\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> [Reg Error: Key does not exist or could not be opened.]
YN -> CmdMapping\\{E908B145-C847-4e85-B315-07E2E70DECF8} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> &Google Search -> %ProgramFiles%\google\GoogleToolbar1.dll
YN -> &Translate English Word -> %ProgramFiles%\google\GoogleToolbar1.dll
YN -> Backward Links -> %ProgramFiles%\google\GoogleToolbar1.dll
YN -> Cached Snapshot of Page -> %ProgramFiles%\google\GoogleToolbar1.dll
YN -> Compare Prices with &Dealio -> %ProgramFiles%\Dealio\kb106\res\DealioSearch.htm
YN -> Similar Pages -> %ProgramFiles%\google\GoogleToolbar1.dll
YN -> Translate Page into English -> %ProgramFiles%\google\GoogleToolbar1.dll


The fix should only take a very short time. When the fix is completed a message box will pop up telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here along with a new OTScanIt scan.

I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Status report, how is the machine running?
Go Eagles :)

Harry
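The OTScanIt fix above lists the same Dealio.dll under Explorer Bars, Toolbars and Extensions, and also several CLSIDs whose target key no longer exists. The parser below is an added example, not part of the thread and not OTScanIt's own code: it reads fix lines in the text format shown above, groups every load point by the file it loads, and collects the dangling references separately, which makes the "one DLL, many hook points" pattern visible at a glance. The sample lines are copied from the fix list in the post above; the two-letter YN/YY prefix is OTScanIt's action flag and is matched but not interpreted here.

```python
"""Group OTScanIt fix entries by the file they load.

Added example for this thread; not OTScanIt's code, it only reads the text
format of the fix list posted above.
"""
import re
from collections import defaultdict

# Sample lines copied from the fix list in the post above (abridged).
SAMPLE_FIX = r"""
[Registry - Non-Microsoft Only]
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> au -> %ProgramFiles%\Dealio\DealioAU.exe
< Internet Explorer Bars [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\
YN -> {4528BBE0-4E08-11D5-AD55-00010333D0AD} [HKEY_LOCAL_MACHINE] -> Reg Error: Key does not exist or could not be opened. [Reg Error: Key does not exist or could not be opened.]
YN -> {5C4C24D0-28B6-4B6B-B70F-E09848367F10} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
YY -> {2318C2B1-4965-11d4-9B18-009027A5CD4F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Google\GoogleToolbar2.dll [&Google]
YN -> {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
YN -> {E908B145-C847-4e85-B315-07E2E70DECF8}:{9F038672-0425-4792-BC9C-36DE3308E8AA} [HKEY_LOCAL_MACHINE] -> %ProgramFiles%\Dealio\kb106\Dealio.dll [Dealio]
< Internet Explorer Menu Extensions [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
YN -> Compare Prices with &Dealio -> %ProgramFiles%\Dealio\kb106\res\DealioSearch.htm
"""

# "< Section name [HIVE\] > -> full registry path"
SECTION_RE = re.compile(r"^<\s*(.+?)\s*\[(HKEY_[A-Z_]+)\\?\]\s*>\s*->\s*(.+)$")
# "YN -> entry name [HIVE] -> target"; the YN/YY flag is matched but not interpreted
ENTRY_RE = re.compile(r"^[YN]{2}\s*->\s*(.+?)\s*->\s*(.+)$")
HIVE_SUFFIX_RE = re.compile(r"\s*\[HKEY_[A-Z_]+\]$")
REG_ERROR = "Reg Error:"


def parse_fix(text):
    """Return ({module: [(section, name), ...]}, [(section, name), ...]).

    The mapping groups every load point by the file it loads; the list holds
    entries whose target key no longer exists (dangling CLSID references).
    """
    by_module = defaultdict(list)
    dangling = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        s = SECTION_RE.match(line)
        if s:
            section = s.group(1)
            continue
        e = ENTRY_RE.match(line)
        if e is None or section is None:
            continue
        name = HIVE_SUFFIX_RE.sub("", e.group(1))
        target = e.group(2)
        if target.startswith(REG_ERROR):
            dangling.append((section, name))
        else:
            module = target.split(" [")[0].strip()   # drop the "[friendly name]" tail
            by_module[module].append((section, name))
    return dict(by_module), dangling


def summarize(by_module, dangling):
    """One line per loaded file (most load points first), then the dangling entries."""
    out = []
    for module, hits in sorted(by_module.items(), key=lambda kv: -len(kv[1])):
        sections = sorted({s for s, _ in hits})
        out.append(f"{module}: {len(hits)} load point(s) in {', '.join(sections)}")
    for section, name in dangling:
        out.append(f"dangling: {section} -> {name} (target key missing)")
    return out


if __name__ == "__main__":
    print("\n".join(summarize(*parse_fix(SAMPLE_FIX))))
```

The grouping is what a manual cleanup has to get right: removing one Toolbar CLSID leaves the Explorer Bar and Extension registrations loading the same Dealio.dll at the next IE start, so every load point for a module has to go in the same fix.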

#12
newcomer21
    Member
  • Topic Starter
  • Member
  • 121 posts
Machine seems to be running fine and didn't have any problems with the scans. :)

Go Eagles?



#13
harrythook
    Trusted Helper
  • Retired Staff
  • 2,618 posts
Hey newcomer21,
Log looks clean :)

(WBSD Eagles)

Things look good there, and unless there are other issues I believe you are good to go.
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it. (Vista users, please right click on OTMoveit2.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your firewall or real-time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

Written by one of the best, check out the recommended prevention methods HERE

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Let me know if all is ok!

Harry

#14
newcomer21
    Member
  • Topic Starter
  • Member
  • 121 posts
All looks great! :)

Thanks for all your help Harrythook!!! :)

Edited by newcomer21, 21 March 2008 - 05:58 AM.


#15
harrythook
    Trusted Helper
  • Retired Staff
  • 2,618 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.