Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:21:03 PM, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
D:\Program Files\Alwil Software\Avast4\ashServ.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Common Files\Stardock\SDMCP.exe
D:\Program Files\window blinds\wbload.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
D:\Program Files\Eyemail Technology Inc\CameraServer.exe
D:\WINDOWS\system32\inetsrv\inetinfo.exe
D:\PROGRA~1\Iomega\System32\AppServices.exe
D:\Program Files\Eset\nod32krn.exe
D:\Documents and Settings\All Users\Application Data\qfivutkp\ubgtcdqt.exe
D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
D:\WINDOWS\VM303_STI.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
D:\Program Files\Eset\nod32kui.exe
D:\WINDOWS\system32\VTTimer.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\Google\Google Talk\googletalk.exe
D:\WINDOWS\SOUNDMAN.EXE
D:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe
D:\WINDOWS\system32\tcpsvcs.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\TweakRAM\TweakRAM.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\Auto Off\Auto Off.exe
D:\Program Files\Microsoft ActiveSync\wcescomm.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\PROGRA~1\MICROS~4\rapimgr.exe
D:\Program Files\MSN Messenger\MsnMsgr.Exe
D:\Program Files\MySpace\IM\MySpaceIM.exe
D:\WINDOWS\system32\ofsnmlat.exe
D:\Program Files\Veoh Networks\Veoh\VeohClient.exe
D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
D:\Program Files\MSI\DigiCell\DigiCell.exe
D:\Program Files\MSI\SecureDoc\Logon.exe
D:\Program Files\Common Files\Sonic Shared\cinetray.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\MSI\Core Center\CoreCenter.exe
D:\Program Files\Metacafe\MetacafeAgent.exe
D:\Program Files\Dachshund Software\Hare\Hare.exe
D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
D:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
D:\Documents and Settings\poch\Desktop\dss.exe
D:\PROGRA~1\TRENDM~1\HIJACK~1\poch.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tapgsm.com.ph
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - D:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - D:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {0AB40134-0909-4FAE-9F8A-8ADECCAA3335} - D:\WINDOWS\system32\dpwsoc.dll (file missing)
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Browzu_IELDR Class - {15256C66-A8BE-4428-B2F8-3F7B746D4D05} - D:\Program Files\Vazu\Browzu_ie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - D:\PROGRA~1\Rapidown\rapi310.dll
O2 - BHO: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - D:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: Camfrog Toolbar - {AF2A1C5A-1AED-4E92-8BA8-D708EB79537E} - D:\Program Files\Camfrog\CamfrogBar\CamfrogBar.dll
O3 - Toolbar: Vazu Mobile Toolbar - {D772C84A-0605-4025-8103-40305D6C47B7} - D:\Program Files\Vazu\VazuMobileBar.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - D:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Modem Booster] D:\Program Files\inKline Global\Modem Booster\ModemBtr.exe
O4 - HKLM\..\Run: [BigDog303] D:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] D:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [nod32kui] "D:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [googletalk] D:\Program Files\Google\Google Talk\googletalk.exe /autostart
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "D:\Program Files\Iomega HotBurn Pro\Autolaunch.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "D:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [find trust seek mail] D:\Documents and Settings\All Users\Application Data\Defy Memo Find Trust\Link Mode.exe
O4 - HKLM\..\Run: [SpyHunter Security Suite] D:\Program Files\Enigma Software Group\SpyHunter\SpyHunter3.exe
O4 - HKCU\..\Run: [TweakRAM] D:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [AutoOff] D:\Program Files\Auto Off\Auto Off.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "D:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [VoipBuster] "D:\Program Files\VoipBuster.com\VoipBuster\VoipBuster.exe" -nosplash -minimized
O4 - HKCU\..\Run: [Vazu] D:\Program Files\Vazu\vazucentral.exe -hid
O4 - HKCU\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Camfrog] "D:\Program Files\Camfrog\Camfrog Video Chat\CamfrogNet.exe" 0 D:\Program Files\Camfrog\Camfrog Video Chat\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [32 Mapi] D:\DOCUME~1\poch\APPLIC~1\INTERN~2\Meta Bold Extra.exe
O4 - HKCU\..\Run: [oormvbyn] D:\WINDOWS\system32\ofsnmlat.exe
O4 - HKCU\..\Run: [ymwlagdh] D:\WINDOWS\system32\krunadqb.exe
O4 - HKCU\..\Run: [tbeluyru] D:\WINDOWS\system32\vcvgtubs.exe
O4 - HKCU\..\Run: [Veoh] "D:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKLM\..\Policies\Explorer\Run: [KeauxafYSB] D:\Documents and Settings\All Users\Application Data\qfivutkp\ubgtcdqt.exe
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] D:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: MetaCafe.lnk = D:\Program Files\Metacafe\MetacafeAgent.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Startup: Hare.lnk = D:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Startup: Yahoo! Widget Engine.lnk = D:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: Rapidown.lnk = D:\Program Files\Rapidown\rapidown.exe
O4 - Startup: Alienware Dock.lnk = D:\Program Files\AlienGUIse\AlienwareDock\ObjectDock.exe
O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = D:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: DigiCell.lnk = D:\Program Files\MSI\DigiCell\DigiCell.exe
O4 - Global Startup: SecureDoc.lnk = D:\Program Files\MSI\SecureDoc\Logon.exe
O4 - Global Startup: Sonic CinePlayer Quick Launch.lnk = ?
O4 - Global Startup: CoreCenter.lnk = D:\Program Files\MSI\Core Center\CoreCenter.exe
O4 - Global Startup: Metacafe.lnk = D:\Program Files\Metacafe\MetacafeAgent.exe
O8 - Extra context menu item: &Download all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Download selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Yahoo! Search - file:///D:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Baixar com o Rapidown... - D:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Baixar tudo com o Rapidown... - D:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Vazu: Send &this image to my phone - D:\Program Files\Vazu\sendtext.htm
O8 - Extra context menu item: Vazu: Send &this text to my phone - D:\Program Files\Vazu\sendtext.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///D:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///D:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///D:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute\vrie.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - D:\Program Files\VisualRoute\vrie.dll
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - (no file)
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - D:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - D:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Vazu Mobile - {9F618E2B-154A-493e-8F8F-453252B8EDAF} - D:\Program Files\Vazu\VazuMobileBar.dll
O9 - Extra 'Tools' menuitem: Vazu Mobile Toolbar - {9F618E2B-154A-493e-8F8F-453252B8EDAF} - D:\Program Files\Vazu\VazuMobileBar.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: D:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg...l_v1-0-3-18.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/p...owserPlugin.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: CameraServer - Unknown owner - D:\Program Files\Eyemail Technology Inc\CameraServer.exe
O23 - Service: Iomega App Services - Iomega Corporation - D:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - D:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - D:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
--
End of file - 15930 bytes
mbam logs.... :
Malwarebytes' Anti-Malware 1.09
Database version: 573
Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 427022
Time elapsed: 4 hour(s), 16 minute(s), 18 second(s)
Memory Processes Infected: 1
Memory Modules Infected: 1
Registry Keys Infected: 7
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 6
Files Infected: 42
Memory Processes Infected:
d:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> No action taken.
Memory Modules Infected:
d:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\the weather channel desktop (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\mwc (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Software\The Weather Channel (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Weather Services (Adware.Hotbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\DW4 (Adware.Hotbar) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{c49dd894-c6de-4910-8c41-ba20f852d8bc} (Adware.IE.Toolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cpls\wxfw.dll (Adware.Hotbar) -> No action taken.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
D:\Program Files\The Weather Channel FW (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework (Adware.Hotbar) -> No action taken.
D:\Program Files\PC-Cleaner (Rogue.PC-Cleaner) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather (Adware.Hotbar) -> No action taken.
Files Infected:
d:\program files\the weather channel fw\desktop weather\desktopweather.exe (Adware.Hotbar) -> No action taken.
d:\program files\the weather channel fw\framework\wxfw.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
C:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\wxfw.dll (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\WiseInstallUtility.dll (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelUpdate.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSlnchr.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelqx.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelQC.exe (Adware.Hotbar) -> No action taken.
G:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelNE.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.EXE (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\eula.html (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\uninstall.bat (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\UNWISE.INI (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\INSTALL.LOG (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Desktop Weather\TheWeatherChannelCustomUninstall.exe (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\UNWISE.INI (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\INSTALL.LOG (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\UNWISE.EXE (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\uninstall.bat (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\wxfw.cpl (Adware.Hotbar) -> No action taken.
D:\Program Files\The Weather Channel FW\Framework\TheWeatherChannelSetup.exe (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\The Weather Channel Desktop.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Help.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Uninstall.lnk (Adware.Hotbar) -> No action taken.
D:\Documents and Settings\All Users\Start Menu\Programs\The Weather Channel\Desktop Weather\Settings.lnk (Adware.Hotbar) -> No action taken.
D:\WINDOWS\Casino Madness 2002 Demo Setup Log.txt (Malware.Trace) -> No action taken.
D:\Documents and Settings\poch\Desktop\The Weather Channel Desktop.lnk (Rogue.Link) -> No action taken.
thanks ....