It seems like it is inactive now, although the HKLM\software\psguard registry entry is still present. Here are the logs. I did not see how the Panda scan can be saved, but they all came up zero. Any ideas on the registry problem?
Jeff
Logfile of HijackThis v1.99.1
Scan saved at 2:49:32 PM, on 8/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hijackthis\HIJACKTHIS.EXE
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: HPAiODevice(hp psc 700 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp psc 700 series\Bin\hpobrt07.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Panda Online (copied from screen)
                   Detected   Disinfected
Virus              0          0
Spyware            0          0
Hacking Tools      0          0
Dialers            0          0
Security Risks     0          0
Suspicious files   0          0
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:35:41 PM, 8/3/2005
+ Report-Checksum: 7A76781B
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{A80347DF-F757-11D4-A466-00508B5BA2DF} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A986F4DB-792E-4571-8974-0BB6E024766F} ->
Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} ->
Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AD9A7B03-BE12-11D4-B493-00D0B77F0A6D} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B00609A6-82AF-4C55-BBB8-ADC8593CEB86} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B195B3B2-8A05-11D3-97A4-0004ACA6948E} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC2025DC-136B-492F-AEFF-31D0BA8B98DA} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BCCAB53D-0895-40C3-A942-A03538CE227A} ->
Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C0F88E9E-DCEB-4655-968A-AE508A677C39} ->
Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} ->
Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C8539BFE-8FD7-405C-8EEF-D9AF48DC6BA4} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D7EAC2D8-2D52-4010-A4AD-DFDF60C1706C} ->
Spyware.SecondThought : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DA603411-0593-11D5-A46B-00508B5BA2DF} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DA603411-0593-11D5-A46B-10101B1B1111} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DA603411-0593-11D5-A46B-10101DDD1111} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} ->
Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} ->
Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F4132B7B-1576-41B6-ABD8-39C6C53047F7} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F64B26C1-07DE-11D5-B50D-00D0B77F0A6D} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F7A1BF21-1D7D-4F5F-A201-0CA35A5CD68F} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} ->
Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res ->
Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\RprtsPSClient.PSExecuter\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CLSID -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbAx\CurVer -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbCommBand\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.HbInfoBand\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CLSID -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButton\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.IEButtonA\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\ShprRprts.SmrtShprCtl\CurVer -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\SWRT01.RT -> Spyware.SecondThought : Cleaned with
backup
HKLM\SOFTWARE\Classes\SWRT01.RT\Clsid -> Spyware.SecondThought : Cleaned
with backup
HKLM\SOFTWARE\Classes\TypeLib\{522985F4-BA43-45A0-9B20-AB5F82C0FF7E} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5E594162-60A9-487D-84B8-DBDD716CB862} ->
Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{60F63095-41EC-11D5-B558-00D0B77F0A6D} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{6D6D1580-5B74-40EA-97F4-3C2B46C5ABDD} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{842D315A-7E1E-448B-96E8-9E76D1820BE2} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{94BEB7A2-36B7-46DC-8AD1-81A8332409C0} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{A80347D3-F757-11D4-A466-00508B5BA2DF} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{AB357854-7A72-4FBE-9382-CC74B45A3ADD} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B195B3A5-8A05-11D3-97A4-0004ACA6948E} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B701A704-F828-11D4-A466-00508B5BA2DF} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B} ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CLSID -> Spyware.HotBar :
Cleaned with backup
HKLM\SOFTWARE\Classes\Wallpaper.WallpaperManager\CurVer -> Spyware.HotBar
: Cleaned with backup
HKLM\SOFTWARE\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\HostOI -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\HostOI\Mail -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\HostOI\Updates -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\HostOL -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\HostOL\Mail -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\HostOL\Updates -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\Install -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Hotbar\Install\cmpmap -> Spyware.HotBar : Cleaned
with backup
HKLM\SOFTWARE\Hotbar\Hotbar\MachineInfo -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Hotbar\Mail -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Hotbar\Updates -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Hotbar\Upgrade -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Install -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Hotbar\Install\CmpMap -> Spyware.HotBar : Cleaned with
backup
HKLM\SOFTWARE\Hotbar\Updates -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\IncrediFind -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\IncrediFind\BHO\HomePage -> Spyware.KeenValue : Cleaned with
backup
HKLM\SOFTWARE\IncrediFind\BHO\RedirectURLS -> Spyware.KeenValue : Cleaned
with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{946B3E9E-E21A-49c8-
9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E77EDA01-3C56-4a96-
8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\HbHostOL.HbMailAnim ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI ->
Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO ->
Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarOutlookTools ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HotbarWebTools ->
Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopper Reports
by Hotbar -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\updater -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\updater\{8D15A72D-62E0-4733-B057-0A81B4FFEB3D} ->
Spyware.KeenValue : Cleaned with backup
::Report End