I don't recognize that program.
"Silent Runners.vbs", revision 39,
http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BackupNotify" = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\backupnotify.exe" [null data]
"NVIEW" = "rundll32.exe nview.dll,nViewLoadHook" [MS]
"D2ProphecySetup.exe" = "C:\DOWNLO~1\D2PROP~1.EXE /r" [file not found]
"jvowukq" = "c:\windows\tptntrd.exe" [file not found]
"gsqkhqu" = "c:\windows\sddjmyv.exe" [null data]
"iejuput" = "c:\windows\sddjmyv.exe" [null data]
"upjivea" = "c:\windows\sddjmyv.exe" [null data]
"ifdlxax" = "c:\windows\sddjmyv.exe" [null data]
"fofaevw" = "c:\windows\qnervjm.exe" [null data]
"bnbfctu" = "c:\windows\qnervjm.exe" [null data]
"dddmtan" = "c:\windows\qnervjm.exe" [null data]
"bkxdnmg" = "c:\windows\qnervjm.exe" [null data]
"cygttch" = "c:\windows\qnervjm.exe" [null data]
"rbfvbxk" = "c:\windows\qnervjm.exe" [null data]
"qawbiku" = "c:\windows\qnervjm.exe" [null data]
"urcnlek" = "c:\windows\qnervjm.exe" [null data]
"ikhrkct" = "c:\windows\qnervjm.exe" [null data]
"gdhcolv" = "c:\windows\qnervjm.exe" [null data]
"ddphovd" = "c:\windows\qnervjm.exe" [null data]
"yaqwipt" = "c:\windows\qnervjm.exe" [null data]
"omlfjao" = "c:\windows\qnervjm.exe" [null data]
"mbnjbbs" = "c:\windows\qnervjm.exe" [null data]
"khahjdq" = "c:\windows\qnervjm.exe" [null data]
"irrkiod" = "c:\windows\qnervjm.exe" [null data]
"tdramop" = "c:\windows\qnervjm.exe" [null data]
"oduxsxg" = "c:\windows\qnervjm.exe" [null data]
"bbkxfon" = "c:\windows\qnervjm.exe" [null data]
"erflvks" = "c:\windows\qnervjm.exe" [null data]
"dkgicrd" = "c:\windows\qnervjm.exe" [null data]
"xhyjtdt" = "c:\windows\qnervjm.exe" [null data]
"hicgymh" = "c:\windows\qnervjm.exe" [null data]
"xmkloyr" = "c:\windows\qnervjm.exe" [null data]
"wbfyuhu" = "c:\windows\qnervjm.exe" [null data]
"kqjmxog" = "c:\windows\qnervjm.exe" [null data]
"adxnvwf" = "c:\windows\qnervjm.exe" [null data]
"jqckmbk" = "c:\windows\qnervjm.exe" [null data]
"lhqtqtl" = "c:\windows\qnervjm.exe" [null data]
"ulgrsnr" = "c:\windows\qnervjm.exe" [null data]
"pgnnkjw" = "c:\windows\qnervjm.exe" [null data]
"ipgyphb" = "c:\windows\qnervjm.exe" [null data]
"hkllxyg" = "c:\windows\qnervjm.exe" [null data]
"imgcihm" = "c:\windows\qnervjm.exe" [null data]
"yaxpiop" = "c:\windows\qnervjm.exe" [null data]
"vhnmdrx" = "c:\windows\qnervjm.exe" [null data]
"sojbbok" = "c:\windows\qnervjm.exe" [null data]
"ayssiay" = "c:\windows\qnervjm.exe" [null data]
"ltwanas" = "c:\windows\qnervjm.exe" [null data]
"xukmfky" = "c:\windows\qnervjm.exe" [null data]
"bjtboaj" = "c:\windows\qnervjm.exe" [null data]
"ccisaiu" = "c:\windows\qnervjm.exe" [null data]
"tukyarf" = "c:\windows\qnervjm.exe" [null data]
"ofymakd" = "c:\windows\qnervjm.exe" [null data]
"jqvmfbk" = "c:\windows\qnervjm.exe" [null data]
"owgnwxj" = "c:\windows\qnervjm.exe" [null data]
"wxbxvta" = "c:\windows\qnervjm.exe" [null data]
"rbaooew" = "c:\windows\qnervjm.exe" [null data]
"pdhhonc" = "c:\windows\qnervjm.exe" [null data]
"nrvxxkh" = "c:\windows\qnervjm.exe" [null data]
"ddotajn" = "c:\windows\qnervjm.exe" [null data]
"cftgthp" = "c:\windows\qnervjm.exe" [null data]
"jykhixm" = "c:\windows\qnervjm.exe" [null data]
"racomxu" = "c:\windows\qnervjm.exe" [null data]
"cgkfkpi" = "c:\windows\aekxbav.exe" [null data]
"dvxetcw" = "c:\windows\aekxbav.exe" [null data]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\ {++}
"atcqmxk" = "C:\WINDOWS\System32\atcqmxk.exe" [file not found]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"hpsysdrv" = "c:\windows\system\hpsysdrv.exe" ["Hewlett-Packard Company"]
"HotKeysCmds" = "C:\WINDOWS\System32\hkcmd.exe" ["Intel Corporation"]
"CamMonitor" = "c:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe" [empty string]
"HP Software Update" = ""c:\Program Files\HP\HP Software Update\HPWuSchd.exe"" ["Hewlett-Packard"]
"HPHUPD05" = "c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" ["Hewlett-Packard"]
"HPHmon05" = "C:\WINDOWS\System32\hphmon05.exe" ["Hewlett-Packard"]
"AutoTKit" = "C:\hp\bin\AUTOTKIT.EXE" [null data]
"Recguard" = "C:\WINDOWS\SMINST\RECGUARD.EXE" [empty string]
"NvCplDaemon" = "RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup" [MS]
"nwiz" = "nwiz.exe /installquiet /keeploaded /nodetect" ["NVIDIA Corporation"]
"Sunkist2k" = "C:\Program Files\Multimedia Card Reader\shwicon2k.exe" ["Alcor Micro, Corp."]
"AlcxMonitor" = "ALCXMNTR.EXE" ["Realtek Semiconductor Corp."]
"PS2" = "C:\WINDOWS\system32\ps2.exe" [file not found]
"mmtask" = "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" ["TODO: <Company name>"]
"QuickFinder Scheduler" = ""c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"" ["Novell, Inc., c/o Corel Corporation Limited"]
"IPInSightMonitor 01" = ""C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"" ["Visual Networks"]
"Microsoft Works Update Detection" = "C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [file not found]
"UpdateManager" = ""C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r" ["Sonic Solutions"]
"SunJavaUpdateSched" = "C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe" [null data]
"TkBellExe" = ""C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot" ["RealNetworks, Inc."]
"Logitech Utility" = "Logi_MwX.Exe" ["Logitech Inc."]
"Motive SmartBridge" = "C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" ["Motive Communications, Inc."]
"YBrowser" = "C:\Program Files\Yahoo!\browser\ybrwicon.exe" ["Yahoo!, Inc."]
"WinampAgent" = "C:\Program Files\Winamp\winampa.exe" [null data]
"ccApp" = ""C:\Program Files\Common Files\Symantec Shared\ccApp.exe"" ["Symantec Corporation"]
"SSC_UserPrompt" = "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" ["Symantec Corporation"]
"Symantec NetDriver Monitor" = "C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer" ["Symantec Corporation"]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\Setup\ {++}
EXECUTION UNLIKELY: "Registrando Panda ActiveX" = "C:\WINDOWS\System32\regsvr32.exe /s C:\WINDOWS\System32\ActiveScan\as.dll" [MS]
EXECUTION UNLIKELY: "Registrando Panda Almacen" = "C:\WINDOWS\System32\regsvr32.exe /s C:\WINDOWS\System32\ActiveScan\pavpz.dll" [MS]
EXECUTION UNLIKELY: "Registering ActiveScan controles" = "C:\WINDOWS\System32\regsvr32.exe /s C:\WINDOWS\System32\ActiveScan\ascontrol.dll" [MS]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = "AcroIEHlprObj Class" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{243B17DE-77C7-46BF-B94B-0B5F309A0E64}\(Default) = (no title provided)
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
{4E7BD74F-2B8D-469E-C0FF-FD60B590A87D}\(Default) = "REALBAR" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\COMMON~1\Real\Toolbar\RealBar.dll" ["Visicom Media"]
{9ECB9560-04F9-4bbc-943D-298DDF1699E1}\(Default) = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
{BDF3E430-B101-42AD-A544-FADC6B084872}\(Default) = "NAV Helper"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Display Panning CPL Extension"
-> {CLSID}\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "HyperTerminal Icon Ext"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\hticons.dll" ["Hilgraeve, Inc."]
"{19CC43A1-6925-4B48-B292-830291F393A6}" = "HPNSView"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdns_01.dll" [empty string]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Real\RealOne Player\rpshell.dll" ["RealNetworks, Inc."]
"{7F67036B-66F1-411A-AD85-759FB9C5B0DB}" = "SampleView"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
"{1CDB2949-8F65-4355-8456-263E7C208A5D}" = "Desktop Explorer"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{1E9B04FB-F9E5-4718-997B-B8DA88302A47}" = "Desktop Explorer Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\nvshell.dll" ["NVIDIA Corporation"]
"{5464D816-CF16-4784-B9F3-75C0DB52B499}" = "Yahoo! Mail"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
"{BB7DF450-F119-11CD-8465-00AA00425D90}" = "Microsoft Access Custom Icon Handler"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Office\Office\soa800.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Audiodev.dll" [MS]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
"{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}" = "TrojanHunter Menu Shell Extension"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
INFECTION WARNING! "{54D9498B-CF93-414F-8984-8CE7FDE0D391}" = "ewido shell guard"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\ewido\security suite\shellhook.dll" ["TODO: <Firmenname>"]
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"load" = (value not set)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\
"AppInit_DLLs" = (value not set)
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
INFECTION WARNING! igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Yahoo! Mail\(Default) = "{5464D816-CF16-4784-B9F3-75C0DB52B499}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\ymmapi.dll" ["Yahoo! Inc."]
HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
QuickFinderMenu\(Default) = "{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1}"
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL" ["Novell, Inc., c/o Corel Corporation Limited"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
Symantec.Norton.Antivirus.IEContextMenu\(Default) = "{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
TrojanHunter\(Default) = "{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}"
-> {CLSID}\InProcServer32\(Default) = "C:\PROGRA~1\TROJAN~1.2\contmenu.dll" [null data]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\WinRAR\rarext.dll" [null data]
Active Desktop and Wallpaper:
-----------------------------
Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp"
Autostart via AUTORUN.INF on local fixed drives:
------------------------------------------------
D:\
INFECTION WARNING! D:\AUTORUN.INF -> "OPEN=Info.exe folder.htt 480 480" ["XSS"]
DESKTOP.INI DLL launch in local fixed drive directories:
--------------------------------------------------------
D:\cmdcons\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\MiniNT\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\PRELOAD\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\I386\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\TOOLS\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
D:\hp\DESKTOP.INI
[.ShellClassInfo]
CLSID={7f67036b-66f1-411a-ad85-759fb9c5b0db}
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\ShellvRTF.dll" ["XSS"]
Startup items in "Owner" & "All Users" startup folders:
-------------------------------------------------------
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
"Adobe Gamma" -> shortcut to: "C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe" ["Adobe Systems, Inc."]
INFECTION WARNING! "AutoTBar.exe" [null data]
"spamsubtract" -> shortcut to: "C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe -q" ["interMute, Inc."]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
"HP Digital Imaging Monitor" -> shortcut to: "C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe" ["Hewlett-Packard Co."]
"Logitech Desktop Messenger" -> shortcut to: "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe /start" ["Logitech"]
"Quicken Scheduled Updates" -> shortcut to: "C:\Program Files\Quicken\bagent.exe" ["Intuit Inc."]
"SBC Self Support Tool" -> shortcut to: "C:\Program Files\SBC Self Support Tool\bin\matcli.exe -boot" ["Motive Communications, Inc."]
"Updates from HP" -> shortcut to: "C:\Program Files\Updates from HP\137903\Program\BackWeb-137903.exe -startup" [null data]
Enabled Scheduled Tasks:
------------------------
"Norton AntiVirus - Scan my computer - Owner" -> launches: "C:\PROGRA~1\NORTON~2\NORTON~1\Navw32.exe /task:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"" ["Symantec Corporation"]
"Symantec NetDetect" -> launches: "C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE" ["Symantec Corporation"]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
Transport Service Providers
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 17
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKCU\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "HP View" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}" = "HP View" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}" = "Norton Internet Security"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll" ["Symantec Corporation"]
"{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}" = "Norton AntiVirus"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll" ["Symantec Corporation"]
Explorer Bars
HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]
HKLM\Software\Microsoft\Internet Explorer\Explorer Bars\
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\ = "&Yahoo! Messenger" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]
{8F4902B6-6C04-4ADE-8052-AA58578A21BD}\ = "hp view" [from CLSID]
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\Shdocvw.dll" [MS]
Dormant Explorer Bars in "View, Explorer Bar" menu
HKLM\Software\Classes\CLSID\{B2847E28-5D7D-4DEB-8B67-05D28BCF79F5}\ = "HP View"
Implemented Categories\{00021494-0000-0000-C000-000000000046}\ [horizontal bar]
InProcServer32\(Default) = "c:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpdtlk02.dll" ["Hewlett-Packard Company"]
HKLM\Software\Classes\CLSID\{D6A116E7-5906-42E4-87F6-E7E15936415E}\ = "MoneySide"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKCU\Software\Microsoft\Internet Explorer\Extensions\
{AF6CABAB-61F9-4F12-A198-B7D41EF1CB52}\
"ButtonText" = "WeatherBug"
"CLSIDExtension" = "{AF6CABAB-61F9-4f12-A198-B7D41EF1CB52}"
"Exec" = "C:\Program Files\AWS\WeatherBug\Weather.exe" [file not found]
HKLM\Software\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Console"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"
-> {CLSID}\InProcServer32\(Default) = "C:\WINDOWS\System32\msjava.dll" [MS]
{2499216C-4BA5-11D5-BD9C-000103C116D5}\
"ButtonText" = "Yahoo! Login"
"MenuText" = "Yahoo! Login"
"CLSIDExtension" = "{2499216C-4BA5-11D5-BD9C-000103C116D5}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Common\ylogin.dll" ["Yahoo! Inc."]
{4528BBE0-4E08-11D5-AD55-00010333D0AD}\
"ButtonText" = "Messenger"
"MenuText" = "Yahoo! Messenger"
"CLSIDExtension" = "{4C171D40-8277-11D5-AD55-00010333D0AD}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Yahoo!\Messenger\yhexbmes.dll" ["Yahoo! Inc."]
{AC9E2541-2814-11D5-BC6D-00B0D0A1DE45}\
"ButtonText" = "AIM"
"Exec" = "C:\Program Files\AIM\aim.exe" ["America Online, Inc."]
{E023F504-0C5A-4750-A1E7-A9046DEA8A21}\
"ButtonText" = "MoneySide"
"CLSIDExtension" = "{DD6687B5-CB43-4211-BFC9-2942CCBDCB3E}"
-> {CLSID}\InProcServer32\(Default) = "C:\Program Files\Microsoft Money\System\mnyside.dll" [MS]
{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Messenger"
"Exec" = "C:\Program Files\Messenger\MSMSGS.EXE" [MS]
Miscellaneous IE Hijack Points
------------------------------
C:\WINDOWS\INF\IERESET.INF (used to "Reset Web Settings")
Added lines (compared with English-language version):
[Strings]: START_PAGE_URL=http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
Missing lines (compared with English-language version):
[Strings]: 1 line
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
C-DillaCdaC11BA, C-DillaCdaC11BA, "C:\WINDOWS\System32\drivers\CDAC11BA.EXE" ["Macrovision"]
ewido security suite control, ewido security suite control, "C:\Program Files\ewido\security suite\ewidoctrl.exe" ["ewido networks"]
ISSvc, ISSVC, "C:\Program Files\Norton Internet Security\ISSVC.exe" ["Symantec Corporation"]
Norton AntiVirus Auto-Protect Service, navapsvc, ""C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"" ["Symantec Corporation"]
NVIDIA Driver Helper Service, NVSvc, "C:\WINDOWS\System32\nvsvc32.exe" ["NVIDIA Corporation"]
Symantec Core LC, Symantec Core LC, "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" ["Symantec Corporation"]
Symantec Event Manager, ccEvtMgr, ""C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"" ["Symantec Corporation"]
Symantec Network Drivers Service, SNDSrvc, "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" ["Symantec Corporation"]
Symantec Network Proxy, ccProxy, ""C:\Program Files\Common Files\Symantec Shared\ccProxy.exe"" ["Symantec Corporation"]
Symantec Settings Manager, ccSetMgr, ""C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe"" ["Symantec Corporation"]
Symantec SPBBCSvc, SPBBCSvc, "C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe" ["Symantec Corporation"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\System32\wdfmgr.exe" [MS]
----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 244 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 36 seconds.
---------- (total run time: 458 seconds)
Here's the MicroWorld log:
File c:\windows\sddjmyv.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File c:\windows\qnervjm.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File c:\windows\aekxbav.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "IBIS Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "Quicken Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "180Solutions Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "bargain buddy Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "FunWeb Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "FunWebProducts Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "mwsoemon Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "myway Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "ncase Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "WhenU Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "altnet Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "eZula Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "MyWebSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.loadbat Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "CWS.loadbat Spyware/Adware" found in File System! Action Taken: No Action Taken.
Object "iSearch Spyware/Adware" found in File System! Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\Program Files\Yahoo!\Common\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\Downloaded Program Files\v2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\nethv32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object "C:\WINDOWS\System32\windec32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\Install.wse.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\config.ini". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "c:\Program Files\Hewlett-Packard\Digital Imaging\hpis\temp\templates.zip". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\nCaseInstaller.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\FilePlanetDownloadCtrl.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\gsda.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\windec32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\nethv32.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\ZangoLib.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\Downloaded Program Files\v2.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Yahoo!\Common\yinsthelper.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\WINDOWS\System32\pxsfs.dll". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\bullet.gid". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0A99FD75-B264-48FC-AE49-924A646964B8}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program Files\Common Files\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{22DF8246-239C-45B1-9298-A8CFFDB410DE}" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B7DJ7H8O\AIMBoss[1]\tocSock.ocx". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{307A6C42-0000-0010-8000-00AA00389B71}" refers to invalid object "C:\Warcraft III\blizzard.ax". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{3D36A6CC-E87B-4ae7-BE09-3BDF338445C1}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\DLLs\RGWInterfaces_DSR.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{40D41A8B-D79B-43d7-99A7-9EE0F344C385}" refers to invalid object "C:\Program Files\AIM Toolbar\AIMBar.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{4A633ED4-41C3-466e-8E3C-82C33950B53C}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\DLLs\RGWInterfaces_DSR.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{660B82AF-A571-4A19-AC54-5E6E63969676}" refers to invalid object "C:\PROGRA~1\COMMON~1\AOL\AOLTOO~1\smartbox.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{6AE4CC6E-999C-11D4-A3F0-009027427750}" refers to invalid object "C:\Program Files\Yahoo!\Messenger\yauto.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{7063B95A-70DB-4BAC-AF83-2E07A14B5D90}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\DLLs\RGWInterfaces_DSR.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{73094ADD-EAB6-D9FC-A330-3FACF78F51B3}" refers to invalid object "c:\PROGRA~1\NORTON~1\NAVOpts.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{88E729D6-BDC1-11D1-BD2A-00C04FB9603F}" refers to invalid object "fde.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9869EFB4-18E9-11D3-A837-00104B9E30B5}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\CmdLineExt02.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{9A47AE6D-B9F1-4197-A794-48B6A8CF9F4F}" refers to invalid object "C:\Program Files\MSN\MSNCoreFiles\money\msofd.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{B47BE342-5D4A-11D7-84F4-000AE634B086}" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B7DJ7H8O\IconDrop[1]\AUXSOCK.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{C63A574F-D681-4F2C-BC55-8C9BB71577E0}" refers to invalid object "C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B7DJ7H8O\IconDrop[1]\LVBUTTONS.OCX". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{CEDDF50D-9FA7-41A8-BCD0-6350D1ED2306}" refers to invalid object "C:\DOCUME~1\Owner\LOCALS~1\Temp\DLLs\BJAXSecurityManager.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{EE7CB360-F635-449D-BBB1-0D844F2A269D}" refers to invalid object "C:\Program Files\Common Files\AOL\AOL Toolbar\AOLHelper.dll". Action Taken: No Action Taken.
Entry "HKCR\CLSID\{F42D656E-34AD-11D5-A8E0-00A0CC663B7C}" refers to invalid object "C:\WINDOWS\wt\wtgutils\wtgutils.dll". Action Taken: No Action Taken.
Entry "HKCR\BHO.BHOSO" refers to invalid object "{EE02B99B-1D55-48bc-B8DB-649A42CE45F6}". Action Taken: No Action Taken.
Entry "HKCR\BHO.BHOSO.1" refers to invalid object "{EE02B99B-1D55-48bc-B8DB-649A42CE45F6}". Action Taken: No Action Taken.
Entry "HKCR\bundle.BundleObj" refers to invalid object "{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}". Action Taken: No Action Taken.
Entry "HKCR\bundle.BundleObj.1" refers to invalid object "{447160CD-ECF5-4EA2-8A8A-1F70CA363F85}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object "{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.
Entry "HKCR\DirectPlayVoiceVox.AXScript.2" refers to invalid object "{59F88EDA-CFFE-67B2-ABBE-B6EC0D427D32}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSP" refers to invalid object "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Action Taken: No Action Taken.
Entry "HKCR\DSP.DSPDMOProp_Chorus.1" refers to invalid object "{6F63B172-5543-4593-91CE-EDBA65B9FACDB}". Action Taken: No Action Taken.
Entry "HKCR\ImageReady.Application.1" refers to invalid object "{52F2F130-2BC5-11D2-8FB7-000000000000}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MiniBugTransporter.MiniBugTransporterX.1" refers to invalid object "{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C}". Action Taken: No Action Taken.
Entry "HKCR\MSLFD.Engine" refers to invalid object "{2ADC9224-3B3E-4390-82A1-DC62895D5406}". Action Taken: No Action Taken.
Entry "HKCR\MSLFD.Engine.10" refers to invalid object "{2ADC9224-3B3E-4390-82A1-DC62895D5406}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object "{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.
Entry "HKCR\SafeGuardProtect.PCShield" refers to invalid object "{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}". Action Taken: No Action Taken.
Entry "HKCR\SafeGuardProtect.PCShield.2.0" refers to invalid object "{564FFB73-9EEF-4969-92FA-5FC4A92E2C2A}". Action Taken: No Action Taken.
Entry "HKCR\SymWriter.pdb" refers to invalid object "{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object "{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.
Entry "HKCR\YBIOCtrl.CompanionBHO.2" refers to invalid object "{13F537F0-AF09-11d6-9029-0002B31F9E59}". Action Taken: No Action Taken.
File C:\WINDOWS\fhqlilw.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\grrauok.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\mjxmvww.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\msxmidi.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.582. No Action Taken.
File C:\WINDOWS\mwslqhf.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\odwkbiu.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\quboaxe.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\vsqslos.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\yelrmal.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\BO2801040128.dll.tcf tagged as "not-a-virus:AdWare.VirtualBouncer.d". Action Taken: No Action Taken.
File C:\WINDOWS\System32\prvtuaaa.exe infected by "Trojan.Win32.StartPage.abc" Virus! Action Taken: No Action Taken.
File C:\WINDOWS\System32\windec32.dll.tcf tagged as "not-a-virus:AdWare.ToolBar.Ilookup.b". Action Taken: No Action Taken.
File C:\WINDOWS\System32\windec33.dll tagged as "not-a-virus:AdWare.ToolBar.Ilookup.b". Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\035A4BF6.exe infected by "Trojan-Downloader.Win32.Small.bct" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07383971.htm infected by "Exploit.HTML.Mht" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\07553351.exe tagged as not-a-virus:Client-IRC.Win32.mIRC.582. No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2008306B.exe infected by "Trojan-Downloader.Win32.Small.bct" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\26C73BDB.exe infected by "Trojan-Downloader.Win32.Small.ayl" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP19\A0003779.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP20\A0003916.dll infected by "Trojan-Clicker.Win32.Delf.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP22\A0006261.exe infected by "Trojan.Win32.Zapchast" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP23\A0006286.dll infected by "Trojan.Win32.Agent.r" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP23\A0006288.dll infected by "HackTool.Win32.Hidd.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP27\A0007525.dll tagged as "not-a-virus:AdWare.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP35\A0009128.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP35\A0009140.exe tagged as "not-a-virus:AdWare.HelpExpress". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP40\A0009448.dll infected by "Trojan-Dropper.Win32.Small.abe" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP40\A0009450.exe tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP40\A0009456.dll tagged as "not-a-virus:AdWare.180Solutions". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP40\A0009461.exe tagged as "not-a-virus:AdWare.SaveNow.m". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP43\A0009688.dll tagged as "not-a-virus:AdWare.WebSearch.a". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP43\A0009695.dll infected by "HackTool.Win32.Hidd.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP43\A0009801.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP43\A0009808.dll tagged as "not-a-virus:AdWare.ToolBar.Ilookup.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP43\A0009809.exe tagged as "not-a-virus:AdWare.SaveNow.m". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP44\A0009862.dll tagged as "not-a-virus:AdWare.TimeSink.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP44\A0009863.exe tagged as "not-a-virus:AdWare.TimeSink". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010165.dll tagged as "not-a-virus:AdWare.WebSearch.d". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010241.dll tagged as "not-a-virus:AdWare.Wintol.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010242.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010243.exe tagged as "not-a-virus:AdWare.Wintol.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010244.dll tagged as "not-a-virus:AdWare.WebSearch.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010245.exe tagged as "not-a-virus:AdWare.WebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010246.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP46\A0010247.dll tagged as "not-a-virus:AdWare.WebSearch.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010362.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010366.dll tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010367.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010368.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010369.exe tagged as "not-a-virus:AdWare.Wintol.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010370.exe tagged as "not-a-virus:AdWare.Wintol.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010553.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP47\A0010557.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010564.dll tagged as "not-a-virus:AdWare.Wintol.p". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010567.dll infected by "Trojan-Spy.Win32.Briss.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010570.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010647.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010658.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010669.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010716.exe tagged as "not-a-virus:AdWare.WebSearch.f". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010720.dll tagged as "not-a-virus:AdWare.WebSearch.o". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010721.exe tagged as "not-a-virus:AdWare.WebSearch.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP48\A0010739.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP51\A0010908.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP51\A0010972.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP51\A0010983.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP53\A0011528.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP54\A0011649.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP54\A0011650.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP54\A0011651.exe infected by "Trojan-Downloader.Win32.Wintool.a" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP57\A0011792.exe tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP57\A0011793.dll tagged as "not-a-virus:AdWare.Wintol.y". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP57\A0011825.dll infected by "Trojan-Spy.Win32.Briss.i" Virus! Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP61\A0013341.EXE tagged as "not-a-virus:AdWare.ToolBar.MyWay.b". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP61\A0013345.DLL tagged as "not-a-virus:AdWare.ToolBar.MyWay.c". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP66\A0017063.dll tagged as "not-a-virus:AdWare.F1Organizer.n". Action Taken: No Action Taken.
File C:\System Volume Information\_restore{F2681A7D-91E5-401A-AC8B-015335799DC0}\RP66\A0017428.exe infected by "Trojan-Downloader.Win32.Adload.a" Virus! Action Taken: No Action Taken.
File C:\System Vol