Panda scan reportIncident Status Location
Adware:adware/elitebar No disinfected Windows Registry
Dialer:dialer.asl No disinfected HKEY_CLASSES_ROOT\CLSID\{0D62A517-E7C6-4E1F-A577-07D4AC549A48}
Adware:adware/ist.istbar No disinfected Windows Registry
Adware:Adware/Lop No disinfected C:\Documents and Settings\All Users\Application Data\Jump ref link bat\32mode.exe
Adware:Adware/nCase No disinfected C:\Program Files\AVPersonal\INFECTED\INIT[1].JS.VIR
HijackThis LogLogfile of HijackThis v1.99.1
Scan saved at 1:55:44 AM, on 11/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\nvraidservice.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\wbem\unsecapp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Feng\Desktop\Anti-Spyware\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: MSEvents Object - {79A576C4-B7A9-47EC-B57C-2CE5CA6ECC6A} - C:\WINDOWS\System32\awvtu.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: ninemsn - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-au\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVRTCLK] C:\WINDOWS\System32\NVRTCLK\NVRTClk.exe
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\System32\nvraidservice.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Windows Update] sccvhost.exe
O4 - HKLM\..\RunServices: [Quick Time Video Codec] qtime32.exe
O4 - HKLM\..\RunServices: [Microsoft Windows Update] sccvhost.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Windows Update] sccvhost.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {0D62A517-E7C6-4E1F-A577-07D4AC549A48} (Progetto1.int_ver32) -
http://advnt01.com/d.../int_ver32b.CABO16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft....467&clcid=0x409O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -
http://messenger.zon...er.cab31267.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
http://security.syma...bin/AvSniff.cabO16 - DPF: {3A2B370C-BA0A-11D1-B137-0000F8753F5D} (Microsoft Chart Control 6.0 (SP4) (OLEDB)) -
http://www.fangdi.com.cn/mschart.cabO16 - DPF: {3D4843A9-3D1C-4F34-B3A2-FEA9AA7F42D6} (WebInsDV Control) -
http://download.drvi...5_2/DrVirus.cabO16 - DPF: {42B1C70D-9823-41F7-810A-682DA294D868} - ms-its:mhtml:file://c:\nosuxxx.mht!
http://sxload.com/da...chm::/sload.exeO16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
http://spaces.msn.co...ad/MsnPUpld.cabO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -
http://security.syma...n/bin/cabsa.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/s...nfo/webscan.cabO16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) -
http://download.zone.../ICSScanner.cabO16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) -
http://installs.spam...ckerutility.cabO16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -
http://messenger.zon...nt.cab31267.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) -
http://messenger.msn...pDownloader.cabO16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zon...ro.cab32846.cabO16 - DPF: {BD0F9A7F-695B-4AF4-90E9-08C5DD12FA35} (AtlCtrl Class) -
http://www.yesicon.com/start001.cabO16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) -
http://messenger.zon...ot.cab31267.cabO16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) -
http://messenger.zon...ss.cab31267.cabO16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) -
http://messenger.zon...wn.cab31267.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: awvtu - C:\WINDOWS\System32\awvtu.dll (file missing)
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\PROGRAM FILES\AVPERSONAL\AVGUARD.EXE
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
the contents of smitfiles.txt smitRem © log file
version 2.7
by noahdfear
Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 11/11/2005
The current time is: 16:02:39.10
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key not present!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
PSGuard.com
~~~ Favorites ~~~
~~~ system32 folder ~~~
wp.bmp
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
CLEAN!
Ewido Log---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 4:47:29 PM, 11/11/2005
+ Report-Checksum: 1FD7CB72
+ Scan result:
HKLM\SOFTWARE\Classes\AppID\HbSrv.EXE -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\HbSrv.EXE\\AppID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{B701A705-F828-11D4-A466-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0AB71193-EC19-4D70-85C2-E46E2FF02755}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{175652E8-8BCC-47C4-B591-0D630F469C19}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{31A59636-0FA3-4A56-954D-DB7AD02840D8}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3FA917B9-DF69-477F-9E4F-B60D929DE79F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66B90ADB-0BE3-40AE-8680-84A6F0577CA0}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{74CC49F7-EB32-4A08-B204-948962A6E3DB}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E66936C-FEA0-4984-AD26-7B6661AC5B2E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A14C0D8D-E753-4E73-9E2B-4070791D8940}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2BAA4C9-AE1E-4605-AE2F-A1C49A30D881}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EA232A0A-46F8-4D44-A30B-50321518A828} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ED8525EA-2BFC-4440-BD8A-20EFB9D5E541}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA16BCE1-5E36-472A-8466-E0CDD5CE00E6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Contact.Contacts.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{023A4648-601A-4C30-8A2E-C72EBFA99AF6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{175816A5-219E-4079-B2F9-53C501C409BA}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{19EBCBE0-9245-4397-BC5D-883D34782043}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{20D21E02-8C1C-41FE-9826-DAB4C223436C} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{20D21E02-8C1C-41FE-9826-DAB4C223436C}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{27C4569F-8728-4958-A920-A607CAE8153C}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{397A208B-3D09-4B3E-93E8-CA171886612E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3C1A06CC-3981-4DB9-B5B6-B4B8ECB1D7F2}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3F04CBF7-CD62-4403-B090-B432DEDCB159}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{421745E9-16DF-4EE4-A758-D51F939C49CB}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4331EC56-0AAB-499E-8757-DD2EE44AD671}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4921DB9C-64EA-430A-ABD2-D016DB5A0AC4}\ProxyStubClsid32\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{54286C3A-E044-4E65-BD44-528D6AE28A18}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{5D16197A-1EAA-45AF-B29A-69F1AA055E87}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{5F2B9DE7-F878-4762-8CFE-E9C58F082F0E}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66291BEF-C867-43C0-A7B4-D13393814BCD} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{66291BEF-C867-43C0-A7B4-D13393814BCD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8654592E-952A-4E7C-A960-304763B35FA6}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8A61A950-C325-4F44-BA64-273180FF3464}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8D5C4EC6-AF8E-4B85-BA27-64BABE410510}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8E98FAF8-794F-47F9-AF90-15305564ED81}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9387EAA3-66DC-4DA5-B40B-C9D080D6F818}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9CDDFBC2-8DC8-4F01-9143-9685D6E16DFC}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AF15975B-1498-4740-8E6C-90AF78E4198C}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B53D4CD4-406D-43CC-8244-7893D72236DD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B9BB3219-F84C-4060-966B-4A1E73E24226}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC8C2E5F-D8B4-4997-BCE3-8775C3707956}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CC9AA028-D639-442F-B97D-A2DAD8F293A2}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D082721F-4BD4-4B8B-BB82-06753EE6174F}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D24F9D3C-5D4C-47F8-9AB7-632B44AD6A0D}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EA232A0A-46F8-4D44-A30B-50321518A828} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EA232A0A-46F8-4D44-A30B-50321518A828}\ProxyStubClsid32\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F43EC88B-B6C8-4969-A763-E2BF55602CCE}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F786CB18-3809-4E49-BC99-9A66DA47DB8B}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F814BE58-1BF9-4B50-829A-E889F86127AD}\TypeLib\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaPassX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\PLOT.PlotCtrl.1 -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbHostIE.Bho\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbHostIE.Bho.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbSrv.CoreServices\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbSrv.CoreServices.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbToolbar.HtmlMenuUI\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SbToolbar.HtmlMenuUI.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerConfig.Application\Clsid\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerConfig.Application.1\Clsid\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerUtility.CommBand\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SpamBlockerUtility.CommBand.1\CLSID\\ -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{45397063-D7D0-47C2-9508-26487608A298} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5BA32D9E-F1BD-476C-AD42-97C9379A57A4} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{71E9CF40-AF72-4B55-BD3F-1FEA2A0EAEA6} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{71EFE583-62FE-4419-9918-CA3B683F7B36} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{9967A873-40F3-4C7E-9239-6C8760F19F61} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B5901229-25CC-43C9-B604-3BB6AC2B48A5} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{B9F51D42-CCA0-4408-BB02-D433D1865A3A} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C83DAED4-0611-4F7A-978E-7FEAFCB2F91B} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaPassX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaPassX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-789336058-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{946B3E9E-E21A-49c8-9F63-900533FAFE14} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-789336058-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{E77EDA01-3C56-4a96-8D08-02B42891C169} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-789336058-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-789336058-527237240-839522115-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{74CC49F7-EB32-4A08-B204-948962A6E3DB} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-789336058-527237240-839522115-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Feng\Application Data\Netscape\NSB\Profiles\yxy354up.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Feng\Desktop\Anti-Spyware\backups\backup-20051111-012741-667.dll -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Feng\Desktop\My Stuff\MirC Scripts\Destiny-Zero!2.zip/Destiny-Zero!2/sys/vtjnuker.exe -> Not-A-Virus.Flooder.ICMP.Anarklik.20 : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\Config.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\dwld -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\report -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\res2 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Ken\Application Data\ShopperReports\shprrprt.log -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\Config.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\dwld -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\report -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\res2 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\cs\res2\WhiteList.dbs -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Laura\Application Data\ShopperReports\shprrprt.log -> Spyware.HotBar : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\A0000271.EXE.VIR -> Trojan.Agent.eo : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\A0000315.EXE.VIR -> Trojan.Agent.eo : Cleaned with backup
C:\Program Files\AVPersonal\INFECTED\A0001792.EXE.VIR -> Trojan.Agent.eo : Cleaned with backup
C:\Program Files\ShopperReports -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.4.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\Contact.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbGuard.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\SpamBlockerUtility\bin\4.6.1.0\SbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\int_ver32b.ocx -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system32\eiibipuk.exe -> Spyware.HotBar : Cleaned with backup
C:\WINDOWS\system32\NaviHelper.dll -> Spyware.NaviSearch : Cleaned with backup
C:\WINDOWS\system32\wirl0g0n.exe -> TrojanDropper.Small.na : Cleaned with backup
::Report End