
Help Please


  • This topic is locked
29 replies to this topic

#1 sanjay

sanjay

    New Member

  • Authentic Member
  • 12 posts

Posted 18 February 2007 - 02:45 PM

Help appreciated:

PC is slow, Outlook Express no longer connects to the POP3 server, AVG installs but won't get the latest update, Spybot installs but can't connect to get the definitions file.

Log file is:

Logfile of HijackThis v1.99.1
Scan saved at 18:41:43, on 18/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\DitExp.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\blueyonderWCM\McciTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\DOCUME~1\Neeraj\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.blueyonder.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aldi.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {F7BF9C66-3216-F098-4AAF-CD92D3CA2FA7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [InCD] D:\Tools\Nero Burning ROM 5.5.10.7\InCD\vsn95\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [blueyonderWCM_McciTrayApp] C:\Program Files\blueyonderWCM\McciTrayApp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\Neeraj\APPLIC~1\MANAGE~1\boneview.exe
O4 - HKCU\..\Run: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - HKCU\..\Run: [Spyware Doctor] C:\PROGRA~1\SPYWAR~1\swdoctor.exe /Q
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\exio-libremp3-uk\index.html (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


#2 dan12

dan12

    Advanced Member

  • Authentic Member
  • 998 posts
  • Interests: Horse riding, computers

Posted 18 February 2007 - 05:44 PM

Hi sanjay and welcome to Tom Coyote forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!

dan

#3 dan12

dan12

    Advanced Member

  • Authentic Member
  • 998 posts
  • Interests: Horse riding, computers

Posted 19 February 2007 - 10:39 AM

Hi Sanjay

Check this out for info on Weatherbug and make your own decision:

http://www.pchell.co...eatherbug.shtml

Here is an adware free alternative:

http://www.singerscreations.com/

______________________________

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Posted Image

5. Click on the Save list... button and specify where you would like to save this file. When you press the Save button, Notepad will open with the contents of that file. Simply copy and paste the contents of that Notepad window here in your next reply.

Thanks dan

#4 dan12

dan12

    Advanced Member

  • Authentic Member
  • 998 posts
  • Interests: Horse riding, computers

Posted 19 February 2007 - 10:44 AM

Hi sanjay, apologies for the above post. Ignore the item regarding Weatherbug; this doesn't apply to you. But I will have an uninstall list to start with. Thanks, dan

#5 sanjay

sanjay

    New Member

  • Authentic Member
  • 12 posts

Posted 19 February 2007 - 04:05 PM

Hi Dan,

Thanks for taking a look.

Don't have access to infected machine until tomorrow - is the Startup list below any good to you?

StartupList report, 19/02/2007, 21:26:39
StartupList version: 1.52.2
Started from : C:\DOCUME~1\HARISH~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16414)
* Using default options
* Including empty and uninteresting sections
* Showing rarely important sections
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\blueyonderWCM\McciTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\HARISH~1\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\Hari Sharma\Start Menu\Programs\Startup]
*No files*

Shell folders AltStartup:
*Folder not found*

User shell folders Startup:
*Folder not found*

User shell folders AltStartup:
*Folder not found*

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
BTTray.lnk = ?
hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpoddt01.exe.lnk = ?
Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE

Shell folders Common AltStartup:
*Folder not found*

User shell folders Common Startup:
*Folder not found*

User shell folders Alternate Common Startup:
*Folder not found*

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

[HKLM\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

[HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
*Registry value not found*

[HKCU\Software\Microsoft\Windows\CurrentVersion\Winlogon]
*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
(Default) =
MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background
MoneyAgent = "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
plusbase = C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
RealPlayer = "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

*No values found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run

*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
*No values found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
*No subkeys found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Run
*Registry key not found*

--------------------------------------------------

File association entry for .EXE:
HKEY_CLASSES_ROOT\exefile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .COM:
HKEY_CLASSES_ROOT\comfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .BAT:
HKEY_CLASSES_ROOT\batfile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .PIF:
HKEY_CLASSES_ROOT\piffile\shell\open\command

(Default) = "%1" %*

--------------------------------------------------

File association entry for .SCR:
HKEY_CLASSES_ROOT\scrfile\shell\open\command

(Default) = "%1" /S

--------------------------------------------------

File association entry for .HTA:
HKEY_CLASSES_ROOT\htafile\shell\open\command

(Default) = C:\WINDOWS\system32\mshta.exe "%1" %*

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = %SystemRoot%\system32\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] *
StubPath = C:\WINDOWS\system32\ieudinit.exe

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig

[>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] *
StubPath = RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT

[{5945c046-1e7d-11d1-bc44-00c04fd912be}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser

[{6BF52A52-394A-11d3-B153-00C04F79FAA6}] *
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp10.inf,PerUserStub

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = C:\WINDOWS\system32\ie4uinit.exe -BaseSettings

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install

[{8b15971b-5355-4c82-8c07-7e181ea07608}]
StubPath = rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser

[{94de52c8-2d59-4f1b-883e-79663d2d9a8c}]
StubPath = rundll32.exe C:\WINDOWS\System32\Setup\FxsOcm.dll,XP_UninstallProvider

--------------------------------------------------

Enumerating ICQ Agent Autostart apps:
HKCU\Software\Mirabilis\ICQ\Agent\Apps

*Registry key not found*

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\PROGRA~1\EYETID~1\EYETID~1\EYETID~1.SCR
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:\WINDOWS
- .reg open command is normal (regedit.exe %1)
- Company name OK: 'Microsoft Corporation'
- Original filename OK: 'REGEDIT.EXE'
- File description: 'Registry Editor'

Registry check passed

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - (no file) - SOFTWARE
(no name) - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
(no name) - C:\Program Files\Microsoft Money\System\mnyside.dll - {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
(no name) - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - (no file) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
(no name) - c:\program files\google\googletoolbar4.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}
(no name) - (no file) - {F7BF9C66-3216-F098-4AAF-CD92D3CA2FA7}
(no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}

--------------------------------------------------

Enumerating Task Scheduler jobs:

*No jobs found*

--------------------------------------------------

Enumerating Download Program Files:

[DirectAnimation Java Classes]
CODEBASE = file://C:\WINDOWS\Java\classes\dajava.cab
OSD = C:\WINDOWS\Downloaded Program Files\DirectAnimation Java Classes.osd

[load]
CODEBASE = http://www.funtest.c...e/html/load.CAB
OSD = C:\WINDOWS\Downloaded Program Files\OSD3.OSD

[Microsoft XML Parser for Java]
CODEBASE = file://C:\WINDOWS\Java\classes\xmldso.cab
OSD = C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd

[Checkers Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\msgrchkr.dll
CODEBASE = http://messenger.zon...kr.cab27571.cab

[QuickTime Object]
InProcServer32 = C:\Program Files\QuickTime\QTPlugin.ocx
CODEBASE = http://a1540.g.akama...ex/qtplugin.cab

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://download.macr...director/sw.cab

[Windows Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\legitcheckcontrol.dll
CODEBASE = http://go.microsoft....467&clcid=0x409

[Minesweeper Flags Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\minesweeper.dll
CODEBASE = http://messenger.zon...er.cab31267.cab

[Symantec AntiVirus scanner]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\avsniff.dll
CODEBASE = http://security.syma...bin/AvSniff.cab

[MSN Photo Upload Tool]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll
CODEBASE = http://spaces.msn.co...ad/MsnPUpld.cab

[Symantec RuFSI Utility Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\rufsi.dll
CODEBASE = http://security.syma...n/bin/cabsa.cab

[{88D758A3-D33B-45FD-91E3-67749B4057FA}]
CODEBASE = http://dm.screensave.../sinstaller.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[MessengerStatsClient Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll
CODEBASE = http://messenger.zon...nt.cab27571.cab

[{9F1C11AA-197B-4942-BA54-47A8489BB47F}]
CODEBASE = http://v4.windowsupd...7670.4321064815

[MsnMessengerSetupDownloadControl Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MsnMessengerSetupDownloader.ocx
CODEBASE = http://messenger.msn...pDownloader.cab

[Java Plug-in 1.4.2_06]
InProcServer32 = C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Java Plug-in 1.5.0_04]
InProcServer32 = C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
CODEBASE = http://java.sun.com/...indows-i586.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx
CODEBASE = http://fpdownload.ma...ash/swflash.cab

[Yahoo! Webcam Viewer Wrapper]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yvwrctl.dll
CODEBASE = http://chat.yahoo.com/cab/yvwrctl.cab

--------------------------------------------------

Enumerating Winsock LSP files:

NameSpace #1: C:\WINDOWS\System32\mswsock.dll
NameSpace #2: C:\WINDOWS\System32\winrnr.dll
NameSpace #3: C:\WINDOWS\System32\mswsock.dll
NameSpace #4: C:\WINDOWS\system32\wshbth.dll
Protocol #1: C:\WINDOWS\system32\mswsock.dll
Protocol #2: C:\WINDOWS\system32\mswsock.dll
Protocol #3: C:\WINDOWS\system32\mswsock.dll
Protocol #4: C:\WINDOWS\system32\mswsock.dll
Protocol #5: C:\WINDOWS\system32\mswsock.dll
Protocol #6: C:\WINDOWS\system32\mswsock.dll
Protocol #7: C:\WINDOWS\system32\mswsock.dll
Protocol #8: C:\WINDOWS\system32\mswsock.dll
Protocol #9: C:\WINDOWS\system32\mswsock.dll
Protocol #10: C:\WINDOWS\system32\mswsock.dll
Protocol #11: C:\WINDOWS\system32\mswsock.dll
Protocol #12: C:\WINDOWS\system32\mswsock.dll
Protocol #13: C:\WINDOWS\system32\mswsock.dll
Protocol #14: C:\WINDOWS\system32\mswsock.dll
Protocol #15: C:\WINDOWS\system32\mswsock.dll
Protocol #16: C:\WINDOWS\system32\mswsock.dll
Protocol #17: C:\WINDOWS\system32\mswsock.dll
Protocol #18: C:\WINDOWS\system32\mswsock.dll
Protocol #19: C:\WINDOWS\system32\mswsock.dll
Protocol #20: C:\WINDOWS\system32\mswsock.dll
Protocol #21: C:\WINDOWS\system32\mswsock.dll
Protocol #22: C:\WINDOWS\system32\mswsock.dll
Protocol #23: C:\WINDOWS\system32\mswsock.dll
Protocol #24: C:\WINDOWS\system32\mswsock.dll
Protocol #25: C:\WINDOWS\system32\mswsock.dll
Protocol #26: C:\WINDOWS\system32\mswsock.dll
Protocol #27: C:\WINDOWS\system32\mswsock.dll
Protocol #28: C:\WINDOWS\system32\mswsock.dll
Protocol #29: C:\WINDOWS\system32\rsvpsp.dll
Protocol #30: C:\WINDOWS\system32\rsvpsp.dll

--------------------------------------------------

Enumerating Windows NT/2000/XP services

Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
Microsoft Kernel Acoustic Echo Canceller: system32\drivers\aec.sys (manual start)
AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (system)
Service for Realtek AC97 Audio (WDM): system32\drivers\ALCXWDM.SYS (manual start)
Alerter: %SystemRoot%\System32\svchost.exe -k LocalService (disabled)
Application Layer Gateway Service: %SystemRoot%\System32\alg.exe (manual start)
Application Management: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
1394 ARP Client Protocol: System32\DRIVERS\arp1394.sys (manual start)
ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
ati2mtag: system32\DRIVERS\ati2mtag.sys (manual start)
ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
Windows Audio: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
Automatic LiveUpdate Scheduler: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" (autostart)
AVG7 Alert Manager Server: C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe (autostart)
AVG7 Kernel: \SystemRoot\System32\Drivers\avg7core.sys (system)
AVG7 Wrap Driver: \SystemRoot\System32\Drivers\avg7rsw.sys (system)
AVG7 Resident Driver XP: \SystemRoot\System32\Drivers\avg7rsxp.sys (system)
AVG7 Update Service: C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe (autostart)
AVG7 Clean Driver: \SystemRoot\System32\Drivers\avgclean.sys (system)
AVG E-mail Scanner: C:\PROGRA~1\Grisoft\AVG7\avgemc.exe (autostart)
AVG Network Redirector: \SystemRoot\System32\Drivers\avgtdi.sys (autostart)
Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Computer Browser: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Bluetooth Request Block Driver: system32\DRIVERS\BthEnum.sys (manual start)
Bluetooth Modem Communications Driver: system32\DRIVERS\bthmodem.sys (manual start)
Bluetooth Device (Personal Area Network): system32\DRIVERS\bthpan.sys (manual start)
Bluetooth Port Driver: System32\Drivers\BTHport.sys (manual start)
Bluetooth Support Service: %SystemRoot%\system32\svchost.exe -k bthsvcs (autostart)
Bluetooth Radio USB Driver: System32\Drivers\BTHUSB.sys (manual start)
Bluetooth Protocol Stack: system32\drivers\btkrnl.sys (system)
Bluetooth Serial Driver: \??\C:\WINDOWS\system32\drivers\btserial.sys (autostart)
Bluetooth Port Client Driver: \??\C:\WINDOWS\system32\drivers\btslbcsp.sys (autostart)
Bluetooth Service: C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe (autostart)
MEDION (7134) WDM Video Capture: System32\DRIVERS\Cap7134.sys (manual start)
Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
Indexing Service: %SystemRoot%\system32\cisvc.exe (manual start)
ClipBook: %SystemRoot%\system32\clipsrv.exe (disabled)
Symantec Lic NetConnect service: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (autostart)
COM+ System Application: C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} (manual start)
Cryptographic Services: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
DCOM Server Process Launcher: %SystemRoot%\system32\svchost -k DcomLaunch (autostart)
DHCP Client: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Disk Driver: System32\DRIVERS\disk.sys (system)
Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
dmboot: System32\drivers\dmboot.sys (disabled)
dmio: System32\drivers\dmio.sys (disabled)
dmload: System32\drivers\dmload.sys (disabled)
Logical Disk Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
DMSKSSRh: \??\C:\DOCUME~1\HARISH~1\LOCALS~1\Temp\DMSKSSRh.sys (manual start)
Microsoft Kernel DLS Syntheiszer: system32\drivers\DMusic.sys (manual start)
DNS Client: %SystemRoot%\System32\svchost.exe -k NetworkService (autostart)
MS IEEE-1284.4 Driver: System32\DRIVERS\Dot4.sys (manual start)
Print Class Driver for IEEE-1284.4: System32\DRIVERS\Dot4Prt.sys (manual start)
Dot4USB Filter Dot4USB Filter: System32\DRIVERS\dot4usb.sys (manual start)
Microsoft Kernel DRM Audio Descrambler: system32\drivers\drmkaud.sys (manual start)
Symantec Eraser Control driver: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (system)
Error Reporting Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Event Log: %SystemRoot%\system32\services.exe (autostart)
COM+ Event System: C:\WINDOWS\System32\svchost.exe -k netsvcs (manual start)
Fast User Switching Compatibility: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
FltMgr: system32\drivers\fltmgr.sys (system)
Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
GEAR CDRom Filter: SYSTEM32\DRIVERS\GEARAspiWDM.sys (manual start)
Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
Google Updater Service: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (manual start)
Help and Support: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Microsoft Bluetooth HID Miniport: system32\DRIVERS\hidbth.sys (manual start)
Human Interface Device Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (manual start)
IEEE-1284.4 Driver HPZid412: System32\DRIVERS\HPZid412.sys (manual start)
Print Class Driver for IEEE-1284.4 HPZipr12: System32\DRIVERS\HPZipr12.sys (manual start)
USB to IEEE-1284.4 Translation Driver HPZius12: System32\DRIVERS\HPZius12.sys (manual start)
HTTP: System32\Drivers\HTTP.sys (manual start)
HTTP SSL: %SystemRoot%\System32\svchost.exe -k HTTPFilter (manual start)
i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
InstallDriver Table Manager: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" (manual start)
CD-Burning Filter Driver: System32\DRIVERS\imapi.sys (system)
IMAPI CD-Burning COM Service: C:\WINDOWS\System32\imapi.exe (manual start)
Intel Processor Driver: System32\DRIVERS\intelppm.sys (system)
Creatix V.9X DSP Data Fax Modem: System32\DRIVERS\ctxs51.sys (manual start)
IPv6 Windows Firewall Driver: system32\drivers\ip6fw.sys (manual start)
IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
iPod Service: "C:\Program Files\iPod\bin\iPodService.exe" (manual start)
IPSEC driver: System32\DRIVERS\ipsec.sys (system)
IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
Keyboard HID Driver: system32\DRIVERS\kbdhid.sys (system)
Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
Server: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Workstation: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
LiveUpdate: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" (manual start)
TCP/IP NetBIOS Helper: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
Messenger: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
NetMeeting Remote Desktop Sharing: C:\WINDOWS\System32\mnmsrvc.exe (manual start)
Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
Mouse HID Driver: System32\DRIVERS\mouhid.sys (manual start)
MREMPR5 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS (manual start)
MRENDIS5 NDIS Protocol Driver: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS (manual start)
WebDav Client Redirector: System32\DRIVERS\mrxdav.sys (manual start)
MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
Distributed Transaction Coordinator: C:\WINDOWS\System32\msdtc.exe (manual start)
Windows Installer: C:\WINDOWS\system32\msiexec.exe /V (manual start)
Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
Microsoft System Management BIOS Driver: System32\DRIVERS\mssmbios.sys (manual start)
Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
Motorola SURFboard USB Cable Modem Windows Driver: System32\DRIVERS\NetMotCM.sys (manual start)
Microsoft TV/Video Connection: System32\DRIVERS\NdisIP.sys (manual start)
Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
NDIS Usermode I/O Protocol: System32\DRIVERS\ndisuio.sys (manual start)
Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
Network DDE: %SystemRoot%\system32\netdde.exe (disabled)
Network DDE DSDM: %SystemRoot%\system32\netdde.exe (disabled)
Net Logon: %SystemRoot%\System32\lsass.exe (manual start)
Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Net MD: System32\Drivers\NETMDUSB.sys (manual start)
1394 Net Driver: System32\DRIVERS\nic1394.sys (manual start)
Network Location Awareness (NLA): %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
Removable Storage: %SystemRoot%\system32\svchost.exe -k netsvcs (manual start)
IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
OHCI Compliant IEEE 1394 Host Controller: System32\DRIVERS\ohci1394.sys (system)
Parallel port driver: System32\DRIVERS\parport.sys (manual start)
PCI Bus Driver: System32\DRIVERS\pci.sys (system)
PCIIde: System32\DRIVERS\pciide.sys (system)
Padus ASPI Shell: system32\drivers\pfc.sys (manual start)
MEDION TV-TUNER 7134 MK2/3: System32\DRIVERS\PhTVTune.sys (manual start)
Logitech QuickCam Express(PID_0920): System32\DRIVERS\LV532AV.SYS (manual start)
Plug and Play: %SystemRoot%\system32\services.exe (autostart)
Pml Driver HPZ12: C:\WINDOWS\System32\HPZipm12.exe (manual start)
IPSEC Services: %SystemRoot%\System32\lsass.exe (autostart)
WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
Processor Driver: System32\DRIVERS\processr.sys (system)
Protected Storage: %SystemRoot%\system32\lsass.exe (autostart)
Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
PxHelp20: System32\DRIVERS\PxHelp20.sys (system)
Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
Remote Access PPPOE Driver: System32\DRIVERS\raspppoe.sys (manual start)
Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
Rdbss: System32\DRIVERS\rdbss.sys (system)
RDPCDD: System32\DRIVERS\RDPCDD.sys (system)
Remote Desktop Help Session Manager: C:\WINDOWS\system32\sessmgr.exe (manual start)
Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
Bluetooth Device (RFCOMM Protocol TDI): system32\DRIVERS\rfcomm.sys (manual start)
Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
QoS RSVP: %SystemRoot%\System32\rsvp.exe (manual start)
NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter NT Driver: system32\DRIVERS\wg111v2.sys (manual start)
Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
SBP-2 Transport/Protocol Bus Driver: System32\DRIVERS\sbp2port.sys (system)
Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
Task Scheduler: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Secdrv: System32\DRIVERS\secdrv.sys (autostart)
Secondary Logon: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
Serial port driver: System32\DRIVERS\serial.sys (system)
High-Capacity Floppy Disk Drive: System32\DRIVERS\sfloppy.sys (manual start)
Windows Firewall/Internet Connection Sharing (ICS): %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Shell Hardware Detection: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
SiS AGP Filter: System32\DRIVERS\SISAGPX.sys (system)
SiS PCI Fast Ethernet Adapter Driver: System32\DRIVERS\sisnic.sys (manual start)
BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
Microsoft Kernel Audio Splitter: system32\drivers\splitter.sys (manual start)
Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
System Restore Filter Driver: System32\DRIVERS\sr.sys (system)
srescan: system32\ZoneLabs\srescan.sys (system)
System Restore Service: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Srv: System32\DRIVERS\srv.sys (manual start)
SSDP Discovery Service: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Windows Image Acquisition (WIA): %SystemRoot%\System32\svchost.exe -k imgsvc (autostart)
BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
MS Software Shadow Copy Provider: C:\WINDOWS\System32\dllhost.exe /Processid:{621E90CD-2914-4C58-90B8-BD1C9BD52E8D} (manual start)
SYMDNS: \SystemRoot\System32\Drivers\SYMDNS.SYS (manual start)
SymEvent: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS (manual start)
SYMFW: \SystemRoot\System32\Drivers\SYMFW.SYS (manual start)
SYMIDS: \SystemRoot\System32\Drivers\SYMIDS.SYS (manual start)
SYMNDIS: \SystemRoot\System32\Drivers\SYMNDIS.SYS (manual start)
SYMREDRV: \SystemRoot\System32\Drivers\SYMREDRV.SYS (manual start)
SYMTDI: \SystemRoot\System32\Drivers\SYMTDI.SYS (system)
Microsoft Kernel System Audio Device: system32\drivers\sysaudio.sys (manual start)
Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
Terminal Device Driver: System32\DRIVERS\termdd.sys (system)
Terminal Services: %SystemRoot%\System32\svchost -k DComLaunch (manual start)
Themes: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Distributed Link Tracking Client: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
Microsoft Tun Miniport Adapter Driver: system32\DRIVERS\tunmp.sys (manual start)
Windows User Mode Driver Framework: C:\WINDOWS\system32\wdfmgr.exe (autostart)
Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
Universal Plug and Play Device Host: %SystemRoot%\System32\svchost.exe -k LocalService (manual start)
Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
Microsoft USB Generic Parent Driver: System32\DRIVERS\usbccgp.sys (manual start)
Microsoft USB 2.0 Enhanced Host Controller Miniport Driver: System32\DRIVERS\usbehci.sys (manual start)
USB2 Enabled Hub: System32\DRIVERS\usbhub.sys (manual start)
Microsoft USB Open Host Controller Miniport Driver: System32\DRIVERS\usbohci.sys (manual start)
Microsoft USB PRINTER Class: System32\DRIVERS\usbprint.sys (manual start)
USB Scanner Driver: System32\DRIVERS\usbscan.sys (manual start)
USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
VGA Display Controller.: \SystemRoot\System32\drivers\vga.sys (system)
vsdatant: System32\vsdatant.sys (system)
TrueVector Internet Monitor: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service (autostart)
Volume Shadow Copy: %SystemRoot%\System32\vssvc.exe (manual start)
Windows Time: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
WAN Miniport (ATW): System32\DRIVERS\wanatw4.sys (manual start)
WAN Miniport (ATW) Service: "C:\WINDOWS\wanmpsvc.exe" (autostart)
Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
WebClient: %SystemRoot%\System32\svchost.exe -k LocalService (autostart)
WinDriver6: system32\drivers\windrvr6.sys (manual start)
Windows Management Instrumentation: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
WMI Performance Adapter: C:\WINDOWS\System32\wbem\wmiapsrv.exe (manual start)
Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (system)
Security Center: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
Automatic Updates: %systemroot%\system32\svchost.exe -k netsvcs (autostart)
Wireless Zero Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
X10 Device Network Service: C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe (manual start)
%DESCRIPTION%: System32\Drivers\x10uif.sys (manual start)
Network Provisioning Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)


--------------------------------------------------

Enumerating Windows NT logon/logoff scripts:
*No scripts set to run*

Windows NT checkdisk command:
BootExecute = autocheck autochk *

Windows NT 'Wininit.ini':
PendingFileRenameOperations: *Registry value not found*

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

*Registry key not found*

--------------------------------------------------

End of report, 41,894 bytes
Report generated in 0.344 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

Edited by sanjay, 19 February 2007 - 04:28 PM.


#6 dan12

Posted 19 February 2007 - 05:41 PM

Hi Sanjay, startup may come in handy. Would like to get an uninstall list as soon as you're able to, before we can go any further. dan

#7 sanjay

Posted 20 February 2007 - 01:47 PM

Hi Dan,

Uninstall list below:

Adobe Acrobat 5.0
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 1.2 (Remove Only)
Adobe Flash Player 9 ActiveX
Adobe Photoshop Album 2.0 Starter Edition
Adobe Reader 6.0
Ahead InCD EasyWrite Reader
AOL UK
Apple Software Update
ArcSoft Panorama Maker 3.0
AVG 7.5
Belkin Bluetooth Software
blueyonder Instant Support Tool
blueyonder Wireless Connection Manager
CCleaner (remove only)
CNET Download Manager
DiMAGE E500 Driver
Disc2Phone
DivX
DivX Player
Football Manager 2007
Google Desktop
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp instant support
HP Memories Disc
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 2100 series
hp psc 2100 series
Informations about your PC
International Cricket Captain 2006
iPod for Windows 2006-01-10
iPod Update 2004-04-28
iTunes
J2SE Runtime Environment 5.0 Update 4
Java 2 Runtime Environment, SE v1.4.2_06
Kazaa Media Desktop 2.5.1
LiveUpdate 3.1 (Symantec Corporation)
Logitech QuickCam
Logitech® Camera Driver
Macromedia Shockwave Player
Medi@Show
Medion Flash XL
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft AutoRoute 2002
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2003
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money
Microsoft Money System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office 97, Professional Edition
Microsoft Picture It! Photo 7.0
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2003 Setup Launcher
Microsoft Works 7.0
Microsoft Works Suite Add-in for Microsoft Word
MSN Messenger 7.5
MSXML 4.0 SP2 (KB927978)
Music Visualizer Library 1.4.00
Nikon View 6
PowerCinema
PowerCinema 2.0
PowerDirector Pro
PowerDVD
PTC ProDESKTOP 8.0
QuickTime
RealPlayer
Realtek AC'97 Audio
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Seekmo Toolbar
Shockwave
SiS 900 PCI Fast Ethernet Adapter Driver
Spybot - Search & Destroy 1.4
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB931836)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
X10 Hardware™
ZoneAlarm

I've added Zonealarm and AVG since the infection.

Regards,
Sanjay

#8 dan12

Posted 20 February 2007 - 04:41 PM

Hi sanjay
From your log I can see that you have avg7 as your antivirus and zone alarm as your firewall.
Have you had Norton in the past and uninstalled it? only I can see some leftovers.
__________________

HijackThis is running from within a zip folder here: C:\DOCUME~1\Neeraj\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe


On your desktop screen, right click, select new folder, and name it HJT. Now locate the zip folder from the above location, right click the zip folder, and extract it into the new folder on the desktop you named HJT.
The reason I ask for this is that HJT needs its own folder to make backups, should we need them.
Zip folders are not the best place to keep them.
HijackThis in a zip location is in no danger of deletion but is incapable of making backups.

Please do this before starting the fix.
__________________________________

Download NoLop.exe to your Desktop.
  • First close any other programs you have running as this will require a reboot
  • Double click NoLop.exe to run it.
  • Now click the button labelled "Search and Destroy"
    <<your computer will now be scanned for infected files>>
  • When scanning is finished you will be prompted to reboot only if infected, Click OK
  • Now click the "REBOOT" Button.
  • A Message should popup from NoLop. If not, double click the program again and it will finish.
  • Please post the contents of C:\NoLop.log later.
NOTE :
  • If you receive an error, "mscomctl.ocx or one of its dependencies are not correctly registered," please download mscomctl.ocx to C:\WINDOWS\system32\ folder then rerun the program.
___________________

Please include new HJT log, and the lop report
in your next post
Thanks dan

#9 sanjay

Posted 22 February 2007 - 04:41 PM

Dan,

Yes did have norton, uninstalled it to put AVG on the system. AVG found and dealt with one virus but will not update itself now. Zonealarm seems to be fine. Internet connection is fine but outlook express will not connect to the pop3 server. Any ideas?

Logs below:

NoLop! Log by Skate_Punk_21

Fix running from: I:\
[22/02/2007]
[19:32:36]

---Infection Files Found/Removed---
NO INFECTION FILES FOUND - Cleaning Aborted.

---Listing AppData sub directories---

C:\Documents and Settings\All Users\Application Data\Adobe
C:\Documents and Settings\All Users\Application Data\Apple Computer
C:\Documents and Settings\All Users\Application Data\Avg7
C:\Documents and Settings\All Users\Application Data\Cash 16 Idol Title
C:\Documents and Settings\All Users\Application Data\Cyberlink
C:\Documents and Settings\All Users\Application Data\Google
C:\Documents and Settings\All Users\Application Data\Grisoft
C:\Documents and Settings\All Users\Application Data\Messenger Plus!
C:\Documents and Settings\All Users\Application Data\Microsoft
C:\Documents and Settings\All Users\Application Data\Motive -- EMPTY Directory
C:\Documents and Settings\All Users\Application Data\Motivesysids
C:\Documents and Settings\All Users\Application Data\Msn6
C:\Documents and Settings\All Users\Application Data\Play Tray Chin Second
C:\Documents and Settings\All Users\Application Data\Quicktime
C:\Documents and Settings\All Users\Application Data\Sbsi
C:\Documents and Settings\All Users\Application Data\Skype
C:\Documents and Settings\All Users\Application Data\Sony Corporation
C:\Documents and Settings\All Users\Application Data\Sony Ericsson
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
C:\Documents and Settings\All Users\Application Data\Symantec
C:\Documents and Settings\All Users\Application Data\Ulead Systems
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
C:\Documents and Settings\Default User\Application Data\Adobe
C:\Documents and Settings\Default User\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Default User\Application Data\Identities
C:\Documents and Settings\Default User\Application Data\Intertrust
C:\Documents and Settings\Default User\Application Data\Microsoft
C:\Documents and Settings\Hari Sharma\Application Data\Adobe
C:\Documents and Settings\Hari Sharma\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\Ante Style -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\Apple Computer
C:\Documents and Settings\Hari Sharma\Application Data\Arcsoft
C:\Documents and Settings\Hari Sharma\Application Data\Avg7
C:\Documents and Settings\Hari Sharma\Application Data\Contentdownload
C:\Documents and Settings\Hari Sharma\Application Data\Downloadlegalmusic
C:\Documents and Settings\Hari Sharma\Application Data\Google
C:\Documents and Settings\Hari Sharma\Application Data\Greatdownloads
C:\Documents and Settings\Hari Sharma\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\Hewlett-packard
C:\Documents and Settings\Hari Sharma\Application Data\Identities
C:\Documents and Settings\Hari Sharma\Application Data\Intertrust
C:\Documents and Settings\Hari Sharma\Application Data\Lavasoft
C:\Documents and Settings\Hari Sharma\Application Data\Leadertech
C:\Documents and Settings\Hari Sharma\Application Data\Lycos -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\Macromedia
C:\Documents and Settings\Hari Sharma\Application Data\Manager Meal Win
C:\Documents and Settings\Hari Sharma\Application Data\Microsoft
C:\Documents and Settings\Hari Sharma\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\New Folder -- EMPTY Directory
C:\Documents and Settings\Hari Sharma\Application Data\Nikon
C:\Documents and Settings\Hari Sharma\Application Data\Real
C:\Documents and Settings\Hari Sharma\Application Data\Sony Corporation
C:\Documents and Settings\Hari Sharma\Application Data\Sports Interactive
C:\Documents and Settings\Hari Sharma\Application Data\Sun
C:\Documents and Settings\Hari Sharma\Application Data\Symantec
C:\Documents and Settings\Kiran\Application Data\Adobe
C:\Documents and Settings\Kiran\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Kiran\Application Data\Ante Style -- EMPTY Directory
C:\Documents and Settings\Kiran\Application Data\Avg7
C:\Documents and Settings\Kiran\Application Data\Google
C:\Documents and Settings\Kiran\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Kiran\Application Data\Identities
C:\Documents and Settings\Kiran\Application Data\Intertrust
C:\Documents and Settings\Kiran\Application Data\Lycos
C:\Documents and Settings\Kiran\Application Data\Macromedia
C:\Documents and Settings\Kiran\Application Data\Manager Meal Win
C:\Documents and Settings\Kiran\Application Data\Microsoft
C:\Documents and Settings\Kiran\Application Data\Msn6
C:\Documents and Settings\Kiran\Application Data\Nikon
C:\Documents and Settings\Kiran\Application Data\Real
C:\Documents and Settings\Kiran\Application Data\Sun
C:\Documents and Settings\Kiran\Application Data\Symantec
C:\Documents and Settings\Localservice\Application Data\Avg7 -- EMPTY Directory
C:\Documents and Settings\Localservice\Application Data\Microsoft
C:\Documents and Settings\Localservice\Application Data\X10 Commander
C:\Documents and Settings\Neeraj\Application Data\Adobe
C:\Documents and Settings\Neeraj\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Neeraj\Application Data\Ante Style -- EMPTY Directory
C:\Documents and Settings\Neeraj\Application Data\Avg7
C:\Documents and Settings\Neeraj\Application Data\Google
C:\Documents and Settings\Neeraj\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Neeraj\Application Data\Hewlett-packard
C:\Documents and Settings\Neeraj\Application Data\Identities
C:\Documents and Settings\Neeraj\Application Data\Intertrust
C:\Documents and Settings\Neeraj\Application Data\Lycos -- EMPTY Directory
C:\Documents and Settings\Neeraj\Application Data\Macromedia
C:\Documents and Settings\Neeraj\Application Data\Manager Meal Win
C:\Documents and Settings\Neeraj\Application Data\Microsoft
C:\Documents and Settings\Neeraj\Application Data\Msn6 -- EMPTY Directory
C:\Documents and Settings\Neeraj\Application Data\Nikon
C:\Documents and Settings\Neeraj\Application Data\Real
C:\Documents and Settings\Neeraj\Application Data\Sun
C:\Documents and Settings\Neeraj\Application Data\Symantec
C:\Documents and Settings\Neeraj\Application Data\Uniblue
C:\Documents and Settings\Networkservice\Application Data\Microsoft
C:\Documents and Settings\Rakesh\Application Data\Adobe
C:\Documents and Settings\Rakesh\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Rakesh\Application Data\Ante Style -- EMPTY Directory
C:\Documents and Settings\Rakesh\Application Data\Apple Computer
C:\Documents and Settings\Rakesh\Application Data\Avg7
C:\Documents and Settings\Rakesh\Application Data\Google
C:\Documents and Settings\Rakesh\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Rakesh\Application Data\Hewlett-packard
C:\Documents and Settings\Rakesh\Application Data\Identities
C:\Documents and Settings\Rakesh\Application Data\Intertrust
C:\Documents and Settings\Rakesh\Application Data\Lycos
C:\Documents and Settings\Rakesh\Application Data\Macromedia
C:\Documents and Settings\Rakesh\Application Data\Manager Meal Win
C:\Documents and Settings\Rakesh\Application Data\Microsoft
C:\Documents and Settings\Rakesh\Application Data\Nikon
C:\Documents and Settings\Rakesh\Application Data\Real
C:\Documents and Settings\Rakesh\Application Data\Sun
C:\Documents and Settings\Rakesh\Application Data\Symantec
C:\Documents and Settings\Shivani\Application Data\Adobe
C:\Documents and Settings\Shivani\Application Data\Adobeum -- EMPTY Directory
C:\Documents and Settings\Shivani\Application Data\Ante Style -- EMPTY Directory
C:\Documents and Settings\Shivani\Application Data\Apple Computer
C:\Documents and Settings\Shivani\Application Data\Avg7
C:\Documents and Settings\Shivani\Application Data\Google
C:\Documents and Settings\Shivani\Application Data\Help -- EMPTY Directory
C:\Documents and Settings\Shivani\Application Data\Identities
C:\Documents and Settings\Shivani\Application Data\Intertrust
C:\Documents and Settings\Shivani\Application Data\Lycos
C:\Documents and Settings\Shivani\Application Data\Macromedia
C:\Documents and Settings\Shivani\Application Data\Manager Meal Win
C:\Documents and Settings\Shivani\Application Data\Microsoft
C:\Documents and Settings\Shivani\Application Data\Nikon
C:\Documents and Settings\Shivani\Application Data\Real
C:\Documents and Settings\Shivani\Application Data\Sun



Logfile of HijackThis v1.99.1
Scan saved at 19:38:55, on 22/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\blueyonderWCM\McciTrayApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Documents and Settings\Hari Sharma\Desktop\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: (no name) - {F7BF9C66-3216-F098-4AAF-CD92D3CA2FA7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [InCD] D:\Tools\Nero Burning ROM 5.5.10.7\InCD\vsn95\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [blueyonderWCM_McciTrayApp] C:\Program Files\blueyonderWCM\McciTrayApp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\exio-libremp3-uk\index.html (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


Regards,

Sanjay

#10 dan12

Posted 23 February 2007 - 08:25 AM

Hi sanjay

You are still running HJT out of a zip folder; please follow the previous instructions on how to put this right.
This is important before carrying on with the rest of the fix!
_____________________________

Download ATF Cleaner by Atribune and save it to your Desktop.
Do not use yet!

Ewido is now known as AVG Anti-Spyware.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update successful message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't use yet!
____________

Download the Norton removal tool, run it and follow the onscreen prompts.
Direct link to tool:

ftp://ftp.symantec.com/public/english_us_...emoval_Tool.exe
___________________

Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode, then hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {F7BF9C66-3216-F098-4AAF-CD92D3CA2FA7} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\exio-libremp3-uk\index.html (file missing)
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Run ATF cleaner
  • Double click ATF-Cleaner.exe to run the program.
  • Check the following boxes:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Recycle Bin
    • Java Cache
  • The rest are optional - if you want to remove the lot, check Select All.
  • Now click Empty Selected.
  • When you get the Done Cleaning message, click OK.
  • If you use Firefox browser.
    • Click Firefox at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.
  • If you use Opera browser.
    • Click Opera at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.

Run AVG Anti-Spyware

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT: Don't click on the "Save Scan Report" button before you have hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
__________________

Please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75%. Once the licence is accepted, reset to 100%.

Please include new HJT log, AVG Anti-Spyware log and Kaspersky log
in your next post
Thanks dan
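
A triage pass over HijackThis entry lines of the kind posted in this thread, as an added example that is not part of the original posts and is not HijackThis's own logic. The function names and the four heuristics are this example's assumptions; the sample lines are copied from the log posted above, with the forum's truncated URLs left as posted.

```python
import re
from typing import List, NamedTuple, Tuple

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Coches - {AF0828BC-CB46-4C8D-95B6-8A7C4988F9FF} - c:\exio-libremp3-uk\index.html (file missing)
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""


class Entry(NamedTuple):
    code: str  # section code at the start of the line, e.g. "O4"
    body: str  # everything after "<code> - "


# An entry line is "<letter><1-2 digits> - <body>"; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# Long or 8.3 short form of the per-user "Application Data" folder.
APPDATA_RE = re.compile(r"\\(?:Application Data|APPLIC~\d)\\", re.IGNORECASE)
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_entries(log_text: str) -> List[Entry]:
    """Return every 'Xn - ...' entry line in the order it appears in the log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def reasons_for(entry: Entry) -> List[str]:
    """Heuristic reasons (assumptions of this example) to look at an entry more closely."""
    reasons = []
    if ORPHAN_RE.search(entry.body):
        reasons.append("orphaned: target file not found")
    if entry.code == "O4" and APPDATA_RE.search(entry.body):
        reasons.append("autostart from Application Data")
    if entry.code == "O16" and not CLSID_RE.search(entry.body):
        reasons.append("DPF entry without CLSID")
    if entry.code == "O6":
        reasons.append("IE options restricted by policy")
    return reasons


def triage(entries: List[Entry]) -> List[Tuple[Entry, List[str]]]:
    """Pair each entry that has at least one reason with its reasons; inputs are not modified."""
    flagged = []
    for entry in entries:
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


if __name__ == "__main__":
    for entry, reasons in triage(parse_entries(SAMPLE_LOG)):
        print(f"{entry.code:>3}  {'; '.join(reasons)}\n     {entry.body}")
```

The output is a list of candidates for a person to review, not a fix list: in this thread the orphaned O18 msnim line appears in the log but is not among the entries the helper asks to have checked.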



#11 sanjay

Posted 28 February 2007 - 03:32 PM

Dan,

Have extracted HJT and hopefully now running the correct way.

Logs attached:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 14:37:15 28/02/2007

+ Scan result:

C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll -> Adware.Agent : Cleaned with backup (quarantined).
C:\WINDOWS\system32\Lycos.dll -> Adware.BargainBuddy : Cleaned with backup (quarantined).
C:\Program Files\Microsoft AntiSpyware\Quarantine\C3141F68-6F0C-4C99-A553-DA6F3E\0726B777-3A70-40B9-B772-C11C2D -> Adware.ClearSearch : Cleaned with backup (quarantined).
HKLM\SYSTEM\ControlSet002\Enum\HID\{00001124-0000-1000-8000-00805f9b34fb}_VID&00000000_PID&c042&Col02\8&2c4e8302&0&0001\Device Parameters\\ForceAbsolute -> Adware.CnsMin : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MegasearchBarSetup.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
C:\WINDOWS\system32\P2P Networking v124.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\Documents and Settings\TEMP\Cookies(2)\hari sharma@ayb.lop[1].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\TEMP\Cookies(2)\hari sharma@lop[2].txt -> TrackingCookie.Lop : Cleaned.
C:\Documents and Settings\TEMP\Cookies(2)\hari sharma@statse.webtrendslive[2].txt -> TrackingCookie.Webtrendslive : Cleaned.

::Report end

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, February 28, 2007 8:57:30 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 28/02/2007
Kaspersky Anti-Virus database records: 274740
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ I:\ J:\ K:\ L:\

Scan Statistics:
Total number of scanned objects: 107325
Number of viruses found: 41
Number of infected objects: 374 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:27:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00207C2C.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00E30B34.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\02521508.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0292532D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\044D000A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04A0685F.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04B37612.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\04C97198.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05196C19.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\057F6221.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05B420BD.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05E65828.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\064C4E30.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\066210DE.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\068D21A1.exe Infected: Trojan-Downloader.Win32.Swizzor.di skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06B24437.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\06FB0A73.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07404E28.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\085E17A4.exe Infected: not-a-virus:AdWare.Win32.Lop.m skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\08C40DAC.exe Infected: Trojan-Downloader.Win32.Swizzor.cc skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09726703.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\09B32529.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0BE94394.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D0C7FC5.exe Infected: not-a-virus:AdWare.Win32.Lop.k skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0D6F3092.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E1B5C6F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0E602024.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0FDD3C09.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10443210.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\109238FF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10AA2818.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\10D37724.exe Infected: Trojan-Downloader.Win32.Swizzor.cc skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11101E1F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11761427.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\11DC0A2E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\12420036.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\128B056F.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1309158F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\130F672A.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13121126.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13153B22.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1318651F.exe Infected: not-a-virus:AdWare.Win32.Lop.m skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\131C0F1B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\131F3918.exe Infected: Trojan-Downloader.Win32.Swizzor.cm 
skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13226314.exe Infected: Trojan-Downloader.Win32.Swizzor.by skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13250D10.exe Infected: Trojan-Downloader.Win32.Swizzor.cm skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1329370D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\132C6109.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\132F0B06.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13323502.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13365EFE.exe Infected: not-a-virus:AdWare.Win32.Lop.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\133908FB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\133C32F7.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13405CF4.exe Infected: Trojan.Win32.Krepper.ab skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\134306F0.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\134630EC.exe Infected: Trojan-Downloader.Win32.Swizzor.dc skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13495AE9.exe Infected: Trojan-Downloader.Win32.Swizzor.de 
skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\134D04E5.exe Infected: not-a-virus:AdWare.Win32.Lop.m skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13502EE2.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13502EE2.int Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135358DE.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135602DB.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\135A2CD7.exe Infected: not-a-virus:AdWare.Win32.Lop.m skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\13EE53A3.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\145449AA.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1580721F.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17991786.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17B30AFB.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\17F34920.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1967667B.tmp Infected: 
not-a-virus:AdWare.Win32.ClearSearch.s skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\19E523D7.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1A2A678B.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AAB7953.tmp Infected: not-a-virus:AdWare.Win32.ClearSearch.p skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AAE234F.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AAE234F.tmp Infected: not-a-virus:AdWare.Win32.ClearSearch.o skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1AB14D4C.int Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1B6E7807.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1BD46E0F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C3A6416.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C5C0067.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1C9C3E8C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA05A1E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\1CA1441B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip/BB.class Infected: Trojan.Java.ClassLoader.o skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CA66F50.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDA0F17.htm Infected: Exploit.HTML.Mht skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip ZIP: infected - 4 skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\1CDD3913.zip CryptFF: infected - 4 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D065025.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D6C462D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1D9C6324.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1DD33C35.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1EB379FF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1ED35CF7.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7E0FA2.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1F7E0FA2.int Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\1FE505A9.exe Infected: not-a-virus:AdWare.Win32.Lop.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\210575D2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\214A3987.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23131BF6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\237C5263.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\23BD1088.exe Infected: not-a-virus:AdWare.Win32.Lop.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\250373E9.tmp Infected: not-a-virus:AdWare.Win32.WinAD skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\251F6C58.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25A53122.exe Infected: not-a-virus:AdWare.Win32.BetterInternet skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25A85B1F.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25A85B1F.exe Infected: not-a-virus:AdWare.Win32.BetterInternet skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25F32EF3.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\26FE3406.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27642A0D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\27CA2015.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\282547CE.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2831161C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\286A0B83.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28970C24.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\28FD022C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\29637833.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A9C245E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ADD6283.exe Infected: not-a-virus:AdWare.Win32.Lop.k skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B0F4BA0.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B470863.dll Infected: not-a-virus:AdWare.Win32.EZula.m skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2B7541A8.exe Infected: not-a-virus:AdWare.Win32.Lop.e skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2BDB37AF.exe Infected: Trojan-Downloader.Win32.Swizzor.ca skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D1300EE.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2F4619CA.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30894D76.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application 
Data\Symantec\Norton AntiVirus\Quarantine\308C7772 Infected: Trojan-Downloader.Win32.Swizzor.fg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\308C7772.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3090216F.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30934B6B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30967568.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30991F64.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\309D4960.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A0735D.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A31D59.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A64756.cab/MediaGatewayX.dll Infected: not-a-virus:AdWare.Win32.WinAD.bg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A64756.cab CAB: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A64756.cab CryptFF: infected - 1 skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30A64756.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\30AA7152.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30AD1B4E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30B0454B.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30B46F47.exe Infected: Trojan-Downloader.Win32.Swizzor.fg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30B71944.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30BA4340.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30BD6D3C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30C11739.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30C44135.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30C76B32.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CA152E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CE3F2B Infected: Trojan-Downloader.Win32.Swizzor.fg skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30CE3F2B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\30D16927.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30D41323.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30D73D20.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DB671C.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30DE1119.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30E13B15.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30E56511.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30E80F0E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EB390A.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30EE6307.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F20D03.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F536FF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30F860FC.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\30FB0AF8.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30FF34F5.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31025EF1.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310508ED.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310832EA.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310C5CE6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\310F06E3.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311230DF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31165ADB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311904D8.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311C2ED4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\311F58D1.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312302CD.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\31262CC9.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312956C6.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\312C00C2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31302ABF.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313354BB.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31367EB8.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313928B4.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\313D52B0.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31407CAD.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\314326A9.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\314750A6.exe Infected: Trojan-Downloader.Win32.Swizzor.dh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\314A7AA2.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\314D249E.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 
AntiVirus\Quarantine\31504E9B.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31547897.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31572294.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\315A4C90.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\315D768C.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31612089.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31644A85.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31677482.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\316A1E7E.exe Infected: Trojan-Downloader.Win32.Swizzor.de skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\316A1E7E.int Infected: Trojan-Downloader.Win32.Swizzor.dh skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\316E487A.exe Infected: Trojan-Downloader.Win32.Swizzor.dr skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31717277.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31741C73.exe Infected: not-a-virus:AdWare.Win32.Lop.bb skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton 

#12 dan12

Posted 28 February 2007 - 07:39 PM

Hi sanjay, thanks for the returned logs. I would also like to see a new HJT log. Thanks, dan

#13 sanjay

Posted 01 March 2007 - 04:49 AM

Hi Dan,

Think the last message got chopped off prematurely. HJT log and remainder of the Kaspersky log below:


Scan process completed.


Logfile of HijackThis v1.99.1
Scan saved at 21:01:59, on 28/02/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\htpatch.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\blueyonderWCM\McciTrayApp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\LVComS.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\blueyonder IST\bin\mpbtn.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopOE.exe
C:\Program Files\blueyonderWCM\McciBrowser.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Hari Sharma\Desktop\hjt\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virginmedia.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VOBRegCheck] C:\WINDOWS\System32\VOBREGCheck.exe -CheckReg
O4 - HKLM\..\Run: [PCMService] C:\Program Files\Medion Home CinemaXL\PowerCinema\PCMService.exe
O4 - HKLM\..\Run: [InCD] D:\Tools\Nero Burning ROM 5.5.10.7\InCD\vsn95\InCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [blueyonderWCM_McciTrayApp] C:\Program Files\blueyonderWCM\McciTrayApp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O4 - HKCU\..\Run: [RealPlayer] "C:\Program Files\Real\RealPlayer\realplay.exe" /RunUPGToolCommandReBoot
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: blueyonder Instant Support Tool.lnk = C:\Program Files\blueyonder IST\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh304181.dll/201
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O14 - IERESET.INF: START_PAGE_URL=http://www.medion.com
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akama...ex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebo...otoUploader.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab27571.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Regards,

Sanjay

#14 dan12


Posted 01 March 2007 - 12:15 PM

Hi sanjay

Don't worry about the items Kaspersky flagged, we will deal with them shortly.
_____________________

Download Pocket Killbox and unzip it; save it to your Desktop.
DO NOT RUN IT YET.


Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download MediaGateway Remover.
Save it in the same folder you made earlier (c:\BFU).

Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select MediaGateway.BFU
  • Press Execute and let it do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
________________

We need to reveal system folders
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press the Apply and then the ok button and shut down my computer
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see appropriate files we need to Show Hidden Files
Re-boot into safe mode
____________

Now we can delete those files.
  • Copy the following list to the Clipboard.

    C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
    C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll
  • Start Pocket Killbox.
  • Click Delete a file on reboot.
  • Click File
  • Select Paste from Clipboard. You should see a file name from the list above appear in the window under Full Path of File to Delete


  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE
Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit


Right-click Start. In the drop-down menu click "Explore", then navigate to each file\folder in the left-hand pane, which will reveal its content in the right-hand pane. Highlight the file or folder, right-click and Delete, if present:

C:\Program Files\Seekmo Programs <====== This folder

Reboot into normal mode
______________

You may want to go here and update Adobe Reader 6.0.1 to the latest version, Adobe Reader® 7.0


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says " Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Please include a new HJT log in your next post.
Thanks, dan
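
Added example, not part of dan12's post or of HijackThis itself: a small Python triage pass over HijackThis entry lines that surfaces the four entries selected for fixing in the post above. The sample lines are copied from the log in this thread; the matching rules are illustrative assumptions about why such entries merit review, not the helper's stated reasoning, and a match is a prompt for human review rather than a verdict.

```python
import re

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Seekmo Toolbar - {53E0B6E8-A51D-448B-B692-40B67B285543} - C:\Program Files\Seekmo Programs\Seekmo Toolbar\SeekmoTB.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [plusbase] C:\DOCUME~1\HARISH~1\APPLIC~1\MANAGE~1\boneview.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: load - http://www.funtest.c...e/html/load.CAB
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
"""

# Entry lines start with a section code such as R0, O4 or O16, then " - ".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PROFILE_APPDATA = re.compile(
    r"\\(DOCUME~\d|Documents and Settings)\\[^\\]+\\(APPLIC~\d|Application Data)\\", re.I)

def parse(log_text):
    """Return (code, body) per entry line; header and process-path lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries

def review_reasons(code, body):
    """Assumed, illustrative heuristics; each returned string is a reason to look closer."""
    reasons = []
    if code in ("O2", "O3") and body.endswith("(file missing)"):
        reasons.append("browser add-on registered but its file is missing")
    if code == "O4" and PROFILE_APPDATA.search(body):
        reasons.append("autostart target lives in a user-writable profile folder")
    if code == "O6":
        reasons.append("Internet Explorer options restricted by a policy key")
    if code == "O16" and not CLSID.search(body):
        reasons.append("downloaded program entry has no class ID")
    return reasons

def triage(log_text):
    """Return (code, body, reasons) only for entries with at least one reason."""
    return [(c, b, r) for c, b in parse(log_text) if (r := review_reasons(c, b))]

if __name__ == "__main__":
    for code, body, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {body}\n    -> {'; '.join(reasons)}")
```
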

#15 dan12


Posted 05 March 2007 - 12:55 PM

How we going? dan
