
Need Help


6 replies to this topic

#1 netsolutions

Posted 30 August 2005 - 01:25 AM

Attached is the logfile from a dell running xp home /sp2

Have run Counterspy, Spybot and AdawareSE multiple times and still having trouble.



Logfile of HijackThis v1.99.1
Scan saved at 11:19:04 PM, on 8/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\STOPzilla!\Stopzilla.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\iisvers.exe
C:\WINDOWS\System32\wsrv32.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Sierra\GPlan\CALTRAY.EXE
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServAlert.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\PROGRA~1\McAfee.com\Agent\McDash.exe
c:\program files\mcafee.com\shared\mghtml.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\System32\wsrchc3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [wsrv32] C:\WINDOWS\System32\wsrv32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy Client\sunASCleaner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Hw03RSi2l] dinpsapi.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sierra Garden Planner Tray Application.lnk = C:\Sierra\GPlan\CALTRAY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzfw001
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE


 


#2 miekiemoes

Malware Response Team

Posted 30 August 2005 - 07:56 AM

Hello,

"Attached is the logfile from a dell running xp home /sp2"


I am sorry, but I can't see any updates present yet... You don't have even ServicePack1 installed! Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Because your system is already infected, updating now CAN cause problems, so let's get you updated when everything is fixed again.

It's better to print out the next instructions or save them in Notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

First, before you proceed with the next steps, I want a file that is present on your computer for analysis.
Search for next file: C:\WINDOWS\System32\wsrchc3.dll and submit it here: http://www.bleepingcomputer.com/submit-malware.php

Please do this before you perform next steps!!

I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup

Download ResetTeaTimer.bat. Double click the file to remove all entries set by TeaTimer.

* Please set your system to show all files; please see here if you're unsure how to do this.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\System32\wsrchc3.dll
O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [wsrv32] C:\WINDOWS\System32\wsrv32.exe
O4 - HKCU\..\Run: [Hw03RSi2l] dinpsapi.exe
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzfw001
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} -
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
O16 - DPF: {77712A64-F30B-47C8-A363-CDA1CEC7DC1B} -
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} -
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} -


* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following files, and delete them:

C:\WINDOWS\iisvers.exe
C:\WINDOWS\System32\wsrv32.exe

* Reboot your system

Post back a fresh HijackThis log and I'll take another look.

If you had any problems with deleting files or noticed any other problems during your fix, let me also know in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 netsolutions


Posted 30 August 2005 - 01:58 PM

Ok. Here is the new logfile.

I submitted wsrchc3.dll and wsrchc2.dll for analysis.


Logfile of HijackThis v1.99.1
Scan saved at 11:51:52 AM, on 8/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Sierra\GPlan\CALTRAY.EXE
C:\WINDOWS\System32\wuauclt.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\System32\wsrchc3.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [07rT32O] edlini.exe
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Steve\LOCALS~1\Temp\2004124182627_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [VSProSetup] D:\VSP\Enu\setup.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sierra Garden Planner Tray Application.lnk = C:\Sierra\GPlan\CALTRAY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzfw001
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE

#4 miekiemoes

Malware Response Team

Posted 30 August 2005 - 02:29 PM

Hi; thanks for the files.

I'm afraid we need to perform this again, because apparently you installed some software that brought spyware with it, so we need to clean that also...

First of all, go to start > control panel > software and uninstall next programs if present:

Cometscursor
MyWebSearch
Hotbar
Autoupdate
Games ( Games Toolbar )
VBouncer (Virtual Bouncer)
Viewpoint ( Viewpoint manager)
Weatherontray
Wildtangent


Reboot afterwards..

It's better to print out the next instructions or save them in notepad, because you also have to work in safe mode without networking support, so this page wouldn't be available then.
It is also important you don't miss a step and perform everything in the right order!!

* Download and install CCleaner
Do not use it yet.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, as the computer is booting, press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R3 - URLSearchHook: UB Class - {00000000-15D9-4736-AB29-131578A45F2B} - C:\WINDOWS\System32\wsrchc3.dll
O4 - HKLM\..\Run: [07rT32O] edlini.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
O4 - HKLM\..\Run: [CleanUp] C:\DOCUME~1\Steve\LOCALS~1\Temp\2004124182627_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [Games toolbar] rundll32.exe "C:\PROGRA~1\Games\tbGame.dll" DllShowTB
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [SSWPlauncher] C:\PROGRA~1\COMETS~1\Platform\Bin\comet.exe /app:SSWPlauncher
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\bin\4.5.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzfw001
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/MediaAcc...e/bridge-c8.cab


* Click on Fix Checked when finished and exit HijackThis.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\System32\wsrchc3.dll
C:\WINDOWS\System32\wsrchc2.dll
C:\windows\system32\msnavc32.exe
C:\Program Files\AutoUpdate <== folder
C:\Program Files\Games <== folder
C:\Program Files\MYWEBSEARCH <== folder
C:\Program Files\COMETS... <== folder, starts with these letters
C:\Program Files\VBouncer <==folder
C:\Program Files\Hotbar <==folder

* Still in safe mode Start Ccleaner
click "Options", click the "Advanced" tab
Uncheck: "Only delete files older than 48 hrs.", click Ok
Click "Cleaner" and click Run Cleaner (bottom right)


* Open Ad-aware and do a full scan. Remove all it finds.


* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

Close Ewido

* Reboot back to normal mode.

Post a new HijackThis Log, and the Ewido Log by using Add Reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.
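
The comparison behind post #4, where the second log shows autorun entries that were absent from the first, as an added example that is not part of the original thread: a small Python parser for HijackThis entry lines that diffs two scans and marks entries for manual review. The sample logs are short excerpts of lines posted above; the function names and the three review rules are assumptions made for this illustration, not the helper's stated method.

```python
import re
from typing import List, NamedTuple, Tuple

# "O4 - HKLM\..\Run: [name] command" -> section code "O4" plus the rest of the line.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Body of an O4 registry autorun entry: hive, Run/RunOnce key, value name, command line.
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

# Excerpt of lines from the first log in this thread (29 Aug 2005).
LOG_1 = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\wsrv32.exe
O2 - BHO: (no name) - {6A6E50DC-BFA8-4B40-AB1B-159E03E829FD} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [iisvers] C:\WINDOWS\iisvers.exe
O4 - HKLM\..\Run: [wsrv32] C:\WINDOWS\System32\wsrv32.exe
O4 - HKCU\..\Run: [Hw03RSi2l] dinpsapi.exe
O16 - DPF: {13197ACE-6851-45C3-A7FF-C281324D5489} -
"""

# Excerpt of lines from the second log in this thread (30 Aug 2005).
LOG_2 = r"""O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [07rT32O] edlini.exe
O4 - HKLM\..\Run: [App32dll] C:\windows\system32\msnavc32.exe lee0105
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
"""


class Entry(NamedTuple):
    code: str
    body: str


def parse_log(text: str) -> List[Entry]:
    """Keep only coded entry lines; header and running-process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m["code"], m["body"].strip()))
    return entries


def _key(entry: Entry) -> Tuple[str, str]:
    # Windows paths are case-insensitive, and the same entry can be reported
    # with different casing between scans (see MCUpdateExe in the samples).
    return entry.code, entry.body.casefold()


def diff_logs(old: List[Entry], new: List[Entry]) -> Tuple[List[Entry], List[Entry]]:
    """Return (added, removed) entries between two scans, in log order."""
    old_keys = {_key(e) for e in old}
    new_keys = {_key(e) for e in new}
    added = [e for e in new if _key(e) not in old_keys]
    removed = [e for e in old if _key(e) not in new_keys]
    return added, removed


def executable(cmd: str) -> str:
    """Extract the program part of an autorun command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first .exe/.dll.
    m = re.match(r"(.+?\.(?:exe|dll))\b", cmd, re.IGNORECASE)
    if m:
        return m.group(1)
    parts = cmd.split()
    return parts[0] if parts else ""


def review_flags(entry: Entry) -> List[str]:
    """Structural reasons to look at an entry by hand. A flag is a prompt for
    review, not a verdict: legitimate entries can match (NvCplDaemon does)."""
    flags = []
    if entry.body.endswith("(no file)"):
        flags.append("target file missing")
    if entry.code == "O16" and entry.body.endswith("} -"):
        flags.append("DPF entry with no download source")
    if entry.code == "O4":
        m = RUN_RE.match(entry.body)
        if m and "\\" not in executable(m["cmd"]):
            flags.append("autorun command has no directory")
    return flags


if __name__ == "__main__":
    old, new = parse_log(LOG_1), parse_log(LOG_2)
    added, removed = diff_logs(old, new)
    for label, entries in (("ADDED", added), ("REMOVED", removed)):
        for e in entries:
            print(f"{label:8}{e.code:4}{e.body}  {review_flags(e)}")
```
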

#5 netsolutions


Posted 30 August 2005 - 09:32 PM

Ok. Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 7:16:37 PM, on 8/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\STOPzilla!\szntsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
C:\WINDOWS\DELLMMKB.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Sierra\GPlan\CALTRAY.EXE
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\WINDOWS\System32\SZIEBHO.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MskDetct.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageWorkstation\TrueImageMonitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [AIMWDInstallFilename] C:\PROGRA~1\AIM\AIMWDI~1.EXE
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [sunasDTServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [sunasServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKLM\..\Run: [tgcmdprovidersbc] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf /nosystray
O4 - HKLM\..\Run: [VSProSetup] D:\VSP\Enu\setup.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sierra Garden Planner Tray Application.lnk = C:\Sierra\GPlan\CALTRAY.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} (Groove Control) - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://utu.popcap.com/games/popcaploader_v6.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Local Service - International Software Systems Solutions - C:\Program Files\STOPzilla!\szntsvc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\PROGRA~1\Yahoo!\PARENT~1\YPCSER~1.EXE



And here is a truncated version of the Ewido log (it was over 2m in size):

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:05:16 PM, 8/30/2005
+ Report-Checksum: 2B99CA9F

+ Scan result:

HKLM\SOFTWARE\AkSoft -> Spyware.AkSoft : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{04D7391C-AB32-4921-84F3-B63FC0EEDF43} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{09F19D39-3084-47B0-B1CE-26581074BC36} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2CEC1D83-1F31-41A7-B2BC-A2FE25E3BF34} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{41943AC1-46DC-41EF-A365-713C14C50A06} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{439508F6-E48B-4095-B000-ADC7A02AB29E} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4A0F42B7-A61B-4131-BF41-BF05A2635BFD} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4E86A93F-4E89-45FD-866B-80D25B0F21A6} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{665ABE65-2C16-4341-B4B8-01FF799E8F4C} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9DBDD71C-0A7F-48AC-9FFA-E102B3750B9D} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E56E18-2F04-4AB9-9333-B2DB3C350956} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C7E7863D-2EF7-46F9-A2C2-DD08B2B3C0A5} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CA74A032-869B-4752-927E-D0DA5677DC23} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{E9CBBEED-20B6-456C-8589-CF364D9D2370} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F8C5EA77-7D72-405C-B90A-093655B0F544} -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SWAR -> Spyware.CometCursor : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKU\.DEFAULT\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config\button0 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config\button1 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config\button2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\Config\button3 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\.DEFAULT\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
HKU\.DEFAULT\Software\Support Software\Params -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-21-357464061-426764551-501881172-1009\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-357464061-426764551-501881172-1009\Software\dsktb -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-357464061-426764551-501881172-1009\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-357464061-426764551-501881172-1009\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-18\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config\button0 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config\button1 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config\button2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\Config\button3 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-18\Software\Support Software -> Spyware.NetworkEssentials : Cleaned with backup
HKU\S-1-5-18\Software\Support Software\Params -> Spyware.NetworkEssentials : Cleaned with backup
C:\adlinstallwin32.exe -> Trojan.SecondThought.ak : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\2877091.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\344stat -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\501475.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\566217.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\601882.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\625696.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\632810.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\680914.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\821735.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\890068.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\921771.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\99904.sdf -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\domains.txt -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\313c.dat -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\104391 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\11891 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\119748 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12457 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\12776 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\13596 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\15040 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\1590 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17025 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\17615 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18391 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\184591 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18721 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\18909 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\19052 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2021 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\202699 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20517 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20549 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20570 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20613 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20706 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\20970 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\21017 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2119 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2129 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\2134 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22212 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22258 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\22657 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\24341 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25025 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25043 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25272 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25708 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\257947 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\25810 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26106 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\26664 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27503 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\27505 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29135 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\29683 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\30604 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\32418 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\33168 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34123 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34137 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34186 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34237 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34481 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\34706 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35047 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\36318 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\37602 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\3822 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41215 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\Steve\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\41507 -> Spyware.HotBar : Cleaned with backup
C:\Documents and Settings\

#6 miekiemoes


Posted 31 August 2005 - 02:58 AM

Hi, this is already looking much better!

Check and fix the next leftover in HijackThis:


R3 - Default URLSearchHook is missing

Perform a full scan with an updated Adaware SE and/or Spybot S&D to get rid of the leftovers.
If you don't have those programs yet, you can find the download locations in my sig.
To keep this clean in the future, I would suggest the following things:

Most important thing here --- Visit http://windowsupdate.microsoft.com ASAP to download and install all the updates and security patches!!

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently and don't forget to update beforehand.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

You can also find more info on how to prevent malware here (by Tony Klein)

Happy surfing again! :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 miekiemoes


Posted 09 September 2005 - 09:09 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



