
Win32:trojan-gen. {upx!}


4 replies to this topic

#1 ecca


  • Members
  • 3 posts

Posted 21 January 2006 - 02:13 PM

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:58:30 PM, on 1/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\volumec.exe
C:\WINDOWS\msncomm.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\msncomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\owner\My Documents\fitness\hijackthis.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll (file missing)
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [antivirus] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O20 - Winlogon Notify: -jgitfryk - C:\WINDOWS\system32\phqghu.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)
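As an added example (not code from this thread, from HijackThis, or from any of the tools mentioned), the script below parses lines in the HijackThis format shown above and flags the entry types a helper would look at first: Run entries whose executable sits directly in the Windows directory, ActiveX (O16) downloads from hosts outside a constructed allow-list, Winlogon Notify (O20) registrations whose DLL is missing, toolbar (O3) entries with no file, and service (O23) lines with an unbalanced quote, where "(file missing)" may only reflect a mis-parsed path. The sample lines are copied from the log in this post; the allow-list and the flag reasons are this example's own assumptions and are review prompts, not verdicts on the entries.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: a dozen lines copied from the HijackThis log in this thread,
# including a few benign entries so the heuristics have something to leave alone.
SAMPLE_LOG = r"""
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O3 - Toolbar: (no name) - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [antivirus] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O20 - Winlogon Notify: -jgitfryk - C:\WINDOWS\system32\phqghu.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# Every HijackThis entry is "O<n> - <section-specific text>".
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
EXE_RE = re.compile(r'"?([A-Za-z]:\\[^"]*?\.(?:exe|dll))', re.IGNORECASE)
O4_RUN_RE = re.compile(r"^(?P<hive>.+?\\Run[^:]*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[^}]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$")
O23_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.*)$")

# Assumption: hosts the analyst already trusts for ActiveX downloads (constructed list).
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "yimg.com")


@dataclass
class Finding:
    section: str
    subject: str
    reason: str


def exe_from_command(cmd: str) -> Optional[str]:
    """Pull the first .exe/.dll path out of a Run command line (quoted or not)."""
    m = EXE_RE.search(cmd)
    return m.group(1) if m else None


def in_windows_root(path: str) -> bool:
    """True when an .exe lives directly in C:\\WINDOWS rather than a subfolder."""
    return re.fullmatch(r"[a-z]:\\windows\\[^\\]+\.exe", path.lower()) is not None


def host_trusted(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for an entry worth a second look, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.groups()
    if section == "O3" and rest.endswith("(no file)"):
        return Finding(section, rest, "toolbar registration whose file no longer exists (orphaned entry)")
    if section == "O4":
        r = O4_RUN_RE.match(rest)
        exe = exe_from_command(r.group("cmd")) if r else None
        if exe and in_windows_root(exe):
            return Finding(section, r.group("name"),
                           f"autostart binary {exe} sits directly in the Windows directory, "
                           "not under Program Files or system32; verify its publisher")
    if section == "O16":
        r = O16_RE.match(rest)
        if r and not host_trusted(r.group("url")):
            host = urlparse(r.group("url")).hostname
            return Finding(section, r.group("name"),
                           f"ActiveX control downloaded from {host}, which is outside the allow-list; "
                           "confirm it was installed deliberately")
    if section == "O20":
        r = O20_RE.match(rest)
        if r and r.group("missing"):
            return Finding(section, r.group("path"),
                           "Winlogon Notify handler whose DLL HijackThis could not find; "
                           "check whether the file is hidden or the key is stale")
    if section == "O23":
        r = O23_RE.match(rest)
        if r and r.group("path").count('"') % 2 == 1:
            return Finding(section, r.group("name"),
                           "service path has an unbalanced quote, so '(file missing)' may come from "
                           "a mis-parsed ImagePath; confirm the binary exists on disk before acting")
    return None


def triage_log(text: str) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in text.splitlines() if ln.strip()) if f]


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.section:4} {f.subject}\n     -> {f.reason}")
```

Each heuristic is deliberately conservative: a flagged line is a prompt to check the file's publisher, hash and on-disk presence, not a removal instruction, and the O23 rule exists precisely because the "(file missing)" tag on a quoted service path is a common false positive.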


#2 MFDnSC


    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 22 January 2006 - 01:38 PM

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 ecca

  • Topic Starter

  • Members
  • 3 posts

Posted 22 January 2006 - 05:00 PM

Webroot session log:
********
12:47 PM: | Start of Session, Sunday, January 22, 2006 |
12:47 PM: Spy Sweeper started
12:47 PM: Sweep initiated using definitions version 604
12:47 PM: Starting Memory Sweep
12:51 PM: Memory Sweep Complete, Elapsed Time: 00:03:17
12:51 PM: Starting Registry Sweep
12:51 PM: Found Adware: altnet
12:51 PM: HKLM\software\altnet\ (19 subtraces) (ID = 103481)
12:51 PM: HKLM\software\classes\clsid\{b7156514-a76c-4545-9d5b-a4e1d02c7aec}\ (21 subtraces) (ID = 103494)
12:51 PM: Found Adware: cnsmin
12:51 PM: HKCR\clsid\{205ff73b-ca67-11d5-99dd-444553540006}\ (14 subtraces) (ID = 106160)
12:51 PM: HKCR\interface\{205ff73a-ca67-11d5-99dd-444553540006}\ (8 subtraces) (ID = 106176)
12:51 PM: HKLM\software\classes\clsid\{205ff73b-ca67-11d5-99dd-444553540006}\ (14 subtraces) (ID = 106191)
12:51 PM: HKLM\software\classes\interface\{205ff73a-ca67-11d5-99dd-444553540006}\ (8 subtraces) (ID = 106197)
12:51 PM: HKLM\software\classes\typelib\{205ff72e-ca67-11d5-99dd-444553540006}\ (9 subtraces) (ID = 106202)
12:51 PM: HKCR\typelib\{205ff72e-ca67-11d5-99dd-444553540006}\ (9 subtraces) (ID = 106257)
12:51 PM: Found Adware: cws-aboutblank
12:51 PM: HKLM\software\sr\ (2 subtraces) (ID = 116769)
12:51 PM: Found Adware: dialerplatform
12:51 PM: HKCR\clsid\{2e246fae-8420-11d9-870d-000c2917de7f}\ (12 subtraces) (ID = 125126)
12:51 PM: HKLM\software\classes\clsid\{2e246fae-8420-11d9-870d-000c2917de7f}\ (12 subtraces) (ID = 125138)
12:51 PM: HKLM\software\ptssa\ (8 subtraces) (ID = 125166)
12:51 PM: Found Adware: hotbar
12:51 PM: HKCR\appid\hbsrv.exe\ (1 subtraces) (ID = 127214)
12:51 PM: HKCR\appid\weatherontray.exe\ (1 subtraces) (ID = 127217)
12:51 PM: HKCR\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 subtraces) (ID = 127218)
12:51 PM: HKCR\appid\{b701a705-f828-11d4-a466-00508b5ba2df}\ (1 subtraces) (ID = 127221)
12:51 PM: HKCR\clsid\{013a482e-1893-4f49-8d41-ac89156a6955}\ (23 subtraces) (ID = 127228)
12:51 PM: HKCR\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127230)
12:51 PM: HKCR\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 subtraces) (ID = 127231)
12:51 PM: HKCR\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127232)
12:51 PM: HKCR\clsid\{3ceb882d-6b2b-4d81-a544-9d9b1d6fa945}\ (11 subtraces) (ID = 127234)
12:51 PM: HKCR\clsid\{4dbcfaf7-62e1-4811-8acc-6511e7192cb4}\ (10 subtraces) (ID = 127236)
12:51 PM: HKCR\clsid\{6fb2639a-4ba3-4531-8db8-fab03e0a8ffd}\ (2 subtraces) (ID = 127237)
12:51 PM: HKCR\clsid\{6fe00b71-7251-4e00-9186-ed89bbb946b8}\ (14 subtraces) (ID = 127238)
12:51 PM: HKCR\clsid\{31d0c6ff-5897-4a57-8005-a50fce4ce159}\ (11 subtraces) (ID = 127243)
12:51 PM: HKCR\clsid\{60f630a2-41ec-11d5-b558-00d0b77f0a6d}\ (10 subtraces) (ID = 127245)
12:51 PM: HKCR\clsid\{69fd62b1-0216-4c31-8d55-840ed86b7c8f}\ (11 subtraces) (ID = 127247)
12:51 PM: HKCR\clsid\{75d2080b-4857-4b96-9b7d-732634fbd01f}\ (11 subtraces) (ID = 127249)
12:51 PM: HKCR\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 subtraces) (ID = 127252)
12:51 PM: HKCR\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 subtraces) (ID = 127253)
12:51 PM: HKCR\clsid\{1038dd23-8ae8-451b-a134-4db8a49aa519}\ (11 subtraces) (ID = 127254)
12:51 PM: HKCR\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 subtraces) (ID = 127255)
12:51 PM: HKCR\clsid\{175652e8-8bcc-47c4-b591-0d630f469c19}\ (14 subtraces) (ID = 127258)
12:51 PM: HKCR\clsid\{354382db-df55-4da9-85a3-41696a0f510f}\ (11 subtraces) (ID = 127260)
12:51 PM: HKCR\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (16 subtraces) (ID = 127262)
12:51 PM: HKCR\clsid\{a80347e0-f757-11d4-a466-00508b5ba2df}\ (20 subtraces) (ID = 127263)
12:51 PM: HKCR\clsid\{becafc17-baf9-11d4-b492-00d0b77f0a6d}\ (26 subtraces) (ID = 127266)
12:51 PM: HKCR\clsid\{ff6b2fd5-093c-4d4f-bb98-5641130a9de6}\ (17 subtraces) (ID = 127273)
12:51 PM: HKCR\hbcoresrv.dynamicprop.1\ (3 subtraces) (ID = 127276)
12:51 PM: HKCR\hbcoresrv.dynamicprop\ (5 subtraces) (ID = 127277)
12:51 PM: HKCR\hbcoresrv.hbcoreservices\ (5 subtraces) (ID = 127278)
12:51 PM: HKCR\hbcoresrv.lfgax.1\ (3 subtraces) (ID = 127279)
12:51 PM: HKCR\hbcoresrv.lfgax\ (5 subtraces) (ID = 127280)
12:51 PM: HKCR\hbhostie.bho.1\ (3 subtraces) (ID = 127281)
12:51 PM: HKCR\hbhostie.bho\ (5 subtraces) (ID = 127282)
12:51 PM: HKCR\hbhostol.hbelementfocus.1\ (3 subtraces) (ID = 127284)
12:51 PM: HKCR\hbhostol.hbelementfocus\ (5 subtraces) (ID = 127285)
12:51 PM: HKCR\hbhostol.hbmailanim\ (5 subtraces) (ID = 127286)
12:51 PM: HKCR\hbhostol.hbwebmailsend.1\ (3 subtraces) (ID = 127287)
12:51 PM: HKCR\hbhostol.hbwebmailsend\ (5 subtraces) (ID = 127288)
12:51 PM: HKCR\hbinstie.hbinstobj\ (5 subtraces) (ID = 127289)
12:51 PM: HKCR\hbsrv.hbcoreservices\ (5 subtraces) (ID = 127290)
12:51 PM: HKCR\hbtoolbar.hbhtmlmenuui.1\ (3 subtraces) (ID = 127303)
12:51 PM: HKCR\hbtoolbar.hbhtmlmenuui\ (5 subtraces) (ID = 127304)
12:51 PM: HKCR\hbtoolbar.hbtoolbarctl\ (5 subtraces) (ID = 127305)
12:51 PM: HKCR\hotbar.hbcommband\ (5 subtraces) (ID = 127319)
12:51 PM: HKCR\hotbar.hbmain\ (5 subtraces) (ID = 127322)
12:51 PM: HKCR\hotbar.hbtravelcomparebar.1\ (3 subtraces) (ID = 127323)
12:51 PM: HKCR\hotbar.hbtravelcomparebar\ (5 subtraces) (ID = 127324)
12:51 PM: HKCR\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127325)
12:51 PM: HKCR\interface\{4bf4fafa-186e-4e36-8f74-525290438d7b}\ (8 subtraces) (ID = 127326)
12:51 PM: HKCR\interface\{6a6ebae8-8c66-4675-b423-95b3ba530940}\ (8 subtraces) (ID = 127327)
12:51 PM: HKCR\interface\{6f885f52-b45f-45bc-8642-fe3d56155a3a}\ (8 subtraces) (ID = 127328)
12:51 PM: HKCR\interface\{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}\ (8 subtraces) (ID = 127329)
12:51 PM: HKCR\interface\{8f59f897-6923-4b3b-8156-4e55d19de99a}\ (8 subtraces) (ID = 127330)
12:51 PM: HKCR\interface\{9dd19d39-2cdc-465b-bb21-1d433590ba3d}\ (8 subtraces) (ID = 127331)
12:51 PM: HKCR\interface\{9ee87a26-b2c8-4130-83f6-e8511d939976}\ (8 subtraces) (ID = 127332)
12:51 PM: HKCR\interface\{20d21e02-8c1c-41fe-9826-dab4c223436c}\ (8 subtraces) (ID = 127333)
12:51 PM: HKCR\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 subtraces) (ID = 127334)
12:51 PM: HKCR\interface\{340d8791-0e2c-43cf-9671-7e90aafbf0da}\ (8 subtraces) (ID = 127335)
12:51 PM: HKCR\interface\{918e4b7a-4d80-43a4-83a7-39adcc11841f}\ (8 subtraces) (ID = 127336)
12:51 PM: HKCR\interface\{3103e312-e1bb-49ab-80eb-0a92fca78746}\ (8 subtraces) (ID = 127338)
12:51 PM: HKCR\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127339)
12:51 PM: HKCR\interface\{17719b54-fad1-11d4-a466-00508b5ba2df}\ (8 subtraces) (ID = 127340)
12:51 PM: HKCR\interface\{46417afd-7a15-4ed1-b764-cb72cd4d904f}\ (8 subtraces) (ID = 127341)
12:51 PM: HKCR\interface\{66291bef-c867-43c0-a7b4-d13393814bcd}\ (8 subtraces) (ID = 127342)
12:51 PM: HKCR\interface\{927420a3-7259-4a74-b402-9329177ec3fc}\ (8 subtraces) (ID = 127343)
12:51 PM: HKCR\interface\{7138714c-9819-4ab1-9a86-e7c413c9a99e}\ (8 subtraces) (ID = 127344)
12:51 PM: HKCR\interface\{31321312-e1bb-49ab-80eb-13212ca78746}\ (8 subtraces) (ID = 127346)
12:51 PM: HKCR\interface\{a1772e14-9291-454e-aede-02161fbc3e59}\ (8 subtraces) (ID = 127347)
12:51 PM: HKCR\interface\{a80347df-f757-11d4-a466-00508b5ba2df}\ (8 subtraces) (ID = 127348)
12:51 PM: HKCR\interface\{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}\ (8 subtraces) (ID = 127349)
12:51 PM: HKCR\interface\{b00609a6-82af-4c55-bbb8-adc8593ceb86}\ (8 subtraces) (ID = 127350)
12:51 PM: HKCR\interface\{b195b3b2-8a05-11d3-97a4-0004aca6948e}\ (8 subtraces) (ID = 127352)
12:51 PM: HKCR\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127353)
12:51 PM: HKCR\interface\{bc2025dc-136b-492f-aeff-31d0ba8b98da}\ (8 subtraces) (ID = 127354)
12:51 PM: HKCR\interface\{c8539bfe-8fd7-405c-8eef-d9af48dc6ba4}\ (8 subtraces) (ID = 127355)
12:51 PM: HKCR\interface\{da603411-0593-11d5-a46b-00508b5ba2df}\ (8 subtraces) (ID = 127356)
12:51 PM: HKCR\interface\{da603411-0593-11d5-a46b-10101b1b1111}\ (8 subtraces) (ID = 127357)
12:51 PM: HKCR\interface\{da603411-0593-11d5-a46b-10101ddd1111}\ (8 subtraces) (ID = 127358)
12:51 PM: HKCR\interface\{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}\ (8 subtraces) (ID = 127359)
12:51 PM: HKCR\interface\{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}\ (8 subtraces) (ID = 127360)
12:51 PM: HKCR\interface\{f4132b7b-1576-41b6-abd8-39c6c53047f7}\ (8 subtraces) (ID = 127361)
12:51 PM: HKCR\rprtspsclient.psexecuter.1\ (3 subtraces) (ID = 127362)
12:51 PM: HKCR\rprtspsclient.psexecuter\ (5 subtraces) (ID = 127363)
12:51 PM: HKCR\shprrprts.hbax.1\ (3 subtraces) (ID = 127365)
12:51 PM: HKCR\shprrprts.hbax\ (5 subtraces) (ID = 127366)
12:51 PM: HKCR\shprrprts.hbcommband.1\ (3 subtraces) (ID = 127367)
12:51 PM: HKCR\shprrprts.hbcommband\ (5 subtraces) (ID = 127368)
12:51 PM: HKCR\shprrprts.hbinfoband.1\ (3 subtraces) (ID = 127369)
12:51 PM: HKCR\shprrprts.hbinfoband\ (5 subtraces) (ID = 127370)
12:51 PM: HKCR\shprrprts.iebutton.1\ (3 subtraces) (ID = 127371)
12:51 PM: HKCR\shprrprts.iebutton\ (5 subtraces) (ID = 127372)
12:51 PM: HKCR\shprrprts.iebuttona.1\ (3 subtraces) (ID = 127373)
12:51 PM: HKCR\shprrprts.iebuttona\ (5 subtraces) (ID = 127374)
12:51 PM: HKCR\shprrprts.smrtshprctl.1\ (3 subtraces) (ID = 127375)
12:51 PM: HKCR\shprrprts.smrtshprctl\ (5 subtraces) (ID = 127376)
12:51 PM: HKLM\software\classes\appid\hbsrv.exe\ (1 subtraces) (ID = 127377)
12:51 PM: HKLM\software\classes\appid\weatherontray.exe\ (1 subtraces) (ID = 127380)
12:51 PM: HKLM\software\classes\appid\{0507fdde-f3b7-49f5-9e8f-c557e991f39b}\ (1 subtraces) (ID = 127381)
12:51 PM: HKLM\software\classes\appid\{b701a705-f828-11d4-a466-00508b5ba2df}\ (1 subtraces) (ID = 127384)
12:51 PM: HKLM\software\classes\clsid\{0774f696-d801-4c18-81a7-a3a32b8bef19}\ (10 subtraces) (ID = 127395)
12:51 PM: HKLM\software\classes\clsid\{1e0004ec-5df0-48c7-a8f0-fbb0488a3d94}\ (11 subtraces) (ID = 127396)
12:51 PM: HKLM\software\classes\clsid\{1e6ac766-9094-4bcf-abd3-39e2eaea5fcd}\ (18 subtraces) (ID = 127397)
12:51 PM: HKLM\software\classes\clsid\{4dbcfaf7-62e1-4811-8acc-6511e7192cb4}\ (10 subtraces) (ID = 127400)
12:51 PM: HKLM\software\classes\clsid\{6fe00b71-7251-4e00-9186-ed89bbb946b8}\ (14 subtraces) (ID = 127401)
12:51 PM: HKLM\software\classes\clsid\{31d0c6ff-5897-4a57-8005-a50fce4ce159}\ (11 subtraces) (ID = 127406)
12:51 PM: HKLM\software\classes\clsid\{60f630a2-41ec-11d5-b558-00d0b77f0a6d}\ (10 subtraces) (ID = 127408)
12:51 PM: HKLM\software\classes\clsid\{69fd62b1-0216-4c31-8d55-840ed86b7c8f}\ (11 subtraces) (ID = 127410)
12:51 PM: HKLM\software\classes\clsid\{75d2080b-4857-4b96-9b7d-732634fbd01f}\ (11 subtraces) (ID = 127412)
12:51 PM: HKLM\software\classes\clsid\{454b4812-e572-4703-a1bb-63490809eac0}\ (11 subtraces) (ID = 127415)
12:51 PM: HKLM\software\classes\clsid\{580a1f3f-89b4-433b-bbdb-b97aeb13f3fc}\ (11 subtraces) (ID = 127417)
12:51 PM: HKLM\software\classes\clsid\{1038dd23-8ae8-451b-a134-4db8a49aa519}\ (11 subtraces) (ID = 127418)
12:51 PM: HKLM\software\classes\clsid\{2178c864-b8bc-41ae-a1fb-eb6a32f87eb1}\ (12 subtraces) (ID = 127419)
12:51 PM: HKLM\software\classes\clsid\{175652e8-8bcc-47c4-b591-0d630f469c19}\ (14 subtraces) (ID = 127422)
12:51 PM: HKLM\software\classes\clsid\{a798e2b4-b6a0-4b96-8c53-8ec7a3b0895a}\ (16 subtraces) (ID = 127426)
12:51 PM: HKLM\software\classes\clsid\{a80347e0-f757-11d4-a466-00508b5ba2df}\ (20 subtraces) (ID = 127428)
12:51 PM: HKLM\software\classes\clsid\{becafc17-baf9-11d4-b492-00d0b77f0a6d}\ (26 subtraces) (ID = 127430)
12:51 PM: HKLM\software\classes\contact.contacts.1\ (3 subtraces) (ID = 127438)
12:51 PM: HKLM\software\classes\contact.contacts\ (5 subtraces) (ID = 127439)
12:51 PM: HKLM\software\classes\hbcoresrv.dynamicprop\ (5 subtraces) (ID = 127441)
12:51 PM: HKLM\software\classes\hbcoresrv.hbcoreservices.1\ (3 subtraces) (ID = 127442)
12:51 PM: HKLM\software\classes\hbcoresrv.hbcoreservices\ (5 subtraces) (ID = 127443)
12:51 PM: HKLM\software\classes\hbcoresrv.lfgax.1\ (3 subtraces) (ID = 127444)
12:51 PM: HKLM\software\classes\hbcoresrv.lfgax\ (5 subtraces) (ID = 127445)
12:51 PM: HKLM\software\classes\hbhostie.bho.1\ (3 subtraces) (ID = 127446)
12:51 PM: HKLM\software\classes\hbhostie.bho\ (5 subtraces) (ID = 127447)
12:51 PM: HKLM\software\classes\hbhostol.hbelementfocus.1\ (3 subtraces) (ID = 127449)
12:51 PM: HKLM\software\classes\hbhostol.hbmailanim.1\ (3 subtraces) (ID = 127450)
12:51 PM: HKLM\software\classes\hbhostol.hbmailanim\ (5 subtraces) (ID = 127451)
12:51 PM: HKLM\software\classes\hbhostol.hbwebmailsend.1\ (3 subtraces) (ID = 127452)
12:51 PM: HKLM\software\classes\hbinstie.hbinstobj.1\ (3 subtraces) (ID = 127453)
12:51 PM: HKLM\software\classes\hbinstie.hbinstobj\ (5 subtraces) (ID = 127454)
12:51 PM: HKLM\software\classes\hbsrv.hbcoreservices.1\ (3 subtraces) (ID = 127455)
12:51 PM: HKLM\software\classes\hbsrv.hbcoreservices\ (5 subtraces) (ID = 127456)
12:51 PM: HKLM\software\classes\hbtoolbar.hbhtmlmenuui.1\ (3 subtraces) (ID = 127469)
12:51 PM: HKLM\software\classes\hbtoolbar.hbtoolbarctl.1\ (3 subtraces) (ID = 127470)
12:51 PM: HKLM\software\classes\hbtoolbar.hbtoolbarctl\ (5 subtraces) (ID = 127471)
12:51 PM: HKLM\software\classes\hotbar.hbcommband.1\ (3 subtraces) (ID = 127485)
12:51 PM: HKLM\software\classes\hotbar.hbcommband\ (5 subtraces) (ID = 127486)
12:51 PM: HKLM\software\classes\hotbar.hbmain.1\ (3 subtraces) (ID = 127487)
12:51 PM: HKLM\software\classes\hotbar.hbmain\ (5 subtraces) (ID = 127488)
12:51 PM: HKLM\software\classes\hotbar.hbtravelcomparebar.1\ (3 subtraces) (ID = 127489)
12:51 PM: HKLM\software\classes\interface\{3f04cbf7-cd62-4403-b090-b432dedcb159}\ (8 subtraces) (ID = 127490)
12:51 PM: HKLM\software\classes\interface\{4bf4fafa-186e-4e36-8f74-525290438d7b}\ (8 subtraces) (ID = 127491)
12:51 PM: HKLM\software\classes\interface\{6a6ebae8-8c66-4675-b423-95b3ba530940}\ (8 subtraces) (ID = 127492)
12:51 PM: HKLM\software\classes\interface\{6f885f52-b45f-45bc-8642-fe3d56155a3a}\ (8 subtraces) (ID = 127493)
12:51 PM: HKLM\software\classes\interface\{7e33bc81-0818-11d5-b50d-00d0b77f0a6d}\ (8 subtraces) (ID = 127494)
12:51 PM: HKLM\software\classes\interface\{8f59f897-6923-4b3b-8156-4e55d19de99a}\ (8 subtraces) (ID = 127495)
12:51 PM: HKLM\software\classes\interface\{9dd19d39-2cdc-465b-bb21-1d433590ba3d}\ (8 subtraces) (ID = 127496)
12:51 PM: HKLM\software\classes\interface\{9ee87a26-b2c8-4130-83f6-e8511d939976}\ (8 subtraces) (ID = 127497)
12:51 PM: HKLM\software\classes\interface\{20d21e02-8c1c-41fe-9826-dab4c223436c}\ (8 subtraces) (ID = 127498)
12:51 PM: HKLM\software\classes\interface\{34f4d917-31e4-464c-b8b3-84c1ce76b395}\ (8 subtraces) (ID = 127499)
12:51 PM: HKLM\software\classes\interface\{918e4b7a-4d80-43a4-83a7-39adcc11841f}\ (8 subtraces) (ID = 127500)
12:51 PM: HKLM\software\classes\interface\{3103e312-e1bb-49ab-80eb-0a92fca78746}\ (8 subtraces) (ID = 127502)
12:51 PM: HKLM\software\classes\interface\{8578d35e-c6c0-4808-9a80-0f6c29a2c423}\ (8 subtraces) (ID = 127503)
12:51 PM: HKLM\software\classes\interface\{17719b53-fad1-11d4-a466-00508b5ba2df}\ (8 subtraces) (ID = 127504)
12:51 PM: HKLM\software\classes\interface\{46417afd-7a15-4ed1-b764-cb72cd4d904f}\ (8 subtraces) (ID = 127505)
12:51 PM: HKLM\software\classes\interface\{66291bef-c867-43c0-a7b4-d13393814bcd}\ (8 subtraces) (ID = 127506)
12:51 PM: HKLM\software\classes\interface\{7138714c-9819-4ab1-9a86-e7c413c9a99e}\ (8 subtraces) (ID = 127507)
12:51 PM: HKLM\software\classes\interface\{31321312-e1bb-49ab-80eb-13212ca78746}\ (8 subtraces) (ID = 127508)
12:51 PM: HKLM\software\classes\interface\{a1772e14-9291-454e-aede-02161fbc3e59}\ (8 subtraces) (ID = 127509)
12:51 PM: HKLM\software\classes\interface\{a80347df-f757-11d4-a466-00508b5ba2df}\ (8 subtraces) (ID = 127510)
12:51 PM: HKLM\software\classes\interface\{ad9a7b03-be12-11d4-b493-00d0b77f0a6d}\ (8 subtraces) (ID = 127511)
12:51 PM: HKLM\software\classes\interface\{b00609a6-82af-4c55-bbb8-adc8593ceb86}\ (8 subtraces) (ID = 127512)
12:51 PM: HKLM\software\classes\interface\{b195b3b2-8a05-11d3-97a4-0004aca6948e}\ (8 subtraces) (ID = 127513)
12:51 PM: HKLM\software\classes\interface\{bc190da5-0187-4d99-b3ac-6c45ea1b9324}\ (8 subtraces) (ID = 127514)
12:51 PM: HKLM\software\classes\interface\{da603411-0593-11d5-a46b-00508b5ba2df}\ (8 subtraces) (ID = 127515)
12:51 PM: HKLM\software\classes\interface\{da603411-0593-11d5-a46b-10101b1b1111}\ (8 subtraces) (ID = 127516)
12:51 PM: HKLM\software\classes\interface\{da603411-0593-11d5-a46b-10101ddd1111}\ (8 subtraces) (ID = 127517)
12:51 PM: HKLM\software\classes\interface\{f7a1bf21-1d7d-4f5f-a201-0ca35a5cd68f}\ (8 subtraces) (ID = 127518)
12:51 PM: HKLM\software\classes\interface\{f64b26c1-07de-11d5-b50d-00d0b77f0a6d}\ (8 subtraces) (ID = 127519)
12:51 PM: HKLM\software\classes\interface\{f4132b7b-1576-41b6-abd8-39c6c53047f7}\ (8 subtraces) (ID = 127520)
12:51 PM: HKLM\software\classes\rprtspsclient.psexecuter.1\ (3 subtraces) (ID = 127521)
12:51 PM: HKLM\software\classes\rprtspsclient.psexecuter\ (5 subtraces) (ID = 127522)
12:51 PM: HKLM\software\classes\shprrprts.hbax.1\ (3 subtraces) (ID = 127524)
12:51 PM: HKLM\software\classes\shprrprts.hbax\ (5 subtraces) (ID = 127525)
12:51 PM: HKLM\software\classes\shprrprts.hbcommband.1\ (3 subtraces) (ID = 127526)
12:51 PM: HKLM\software\classes\shprrprts.hbcommband\ (5 subtraces) (ID = 127527)
12:51 PM: HKLM\software\classes\shprrprts.hbinfoband.1\ (3 subtraces) (ID = 127528)
12:51 PM: HKLM\software\classes\shprrprts.hbinfoband\ (5 subtraces) (ID = 127529)
12:51 PM: HKLM\software\classes\shprrprts.iebutton.1\ (3 subtraces) (ID = 127530)
12:51 PM: HKLM\software\classes\shprrprts.iebutton\ (5 subtraces) (ID = 127531)
12:51 PM: HKLM\software\classes\shprrprts.iebuttona.1\ (3 subtraces) (ID = 127532)
12:51 PM: HKLM\software\classes\shprrprts.iebuttona\ (5 subtraces) (ID = 127533)
12:51 PM: HKLM\software\classes\shprrprts.smrtshprctl.1\ (3 subtraces) (ID = 127534)
12:51 PM: HKLM\software\classes\shprrprts.smrtshprctl\ (5 subtraces) (ID = 127535)
12:51 PM: HKLM\software\classes\typelib\{5ba32d9e-f1bd-476c-ad42-97c9379a57a4}\ (9 subtraces) (ID = 127538)
12:51 PM: HKLM\software\classes\typelib\{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}\ (9 subtraces) (ID = 127539)
12:51 PM: HKLM\software\classes\typelib\{60f63095-41ec-11d5-b558-00d0b77f0a6d}\ (9 subtraces) (ID = 127541)
12:51 PM: HKLM\software\classes\typelib\{94beb7a2-36b7-46dc-8ad1-81a8332409c0}\ (9 subtraces) (ID = 127544)
12:51 PM: HKLM\software\classes\typelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\ (9 subtraces) (ID = 127546)
12:51 PM: HKLM\software\classes\typelib\{522985f4-ba43-45a0-9b20-ab5f82c0ff7e}\ (9 subtraces) (ID = 127548)
12:51 PM: HKLM\software\classes\typelib\{a80347d3-f757-11d4-a466-00508b5ba2df}\ (9 subtraces) (ID = 127550)
12:51 PM: HKLM\software\classes\typelib\{ab357854-7a72-4fbe-9382-cc74b45a3add}\ (9 subtraces) (ID = 127551)
12:51 PM: HKLM\software\classes\typelib\{b195b3a5-8a05-11d3-97a4-0004aca6948e}\ (9 subtraces) (ID = 127553)
12:51 PM: HKLM\software\classes\typelib\{b701a704-f828-11d4-a466-00508b5ba2df}\ (9 subtraces) (ID = 127554)
12:51 PM: HKLM\software\classes\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 subtraces) (ID = 127555)
12:51 PM: HKLM\software\classes\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 subtraces) (ID = 127557)
12:51 PM: HKLM\software\classes\wallpaper.wallpapermanager\ (5 subtraces) (ID = 127559)
12:51 PM: HKLM\software\hotbar\ (62 subtraces) (ID = 127566)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ (6 subtraces) (ID = 127577)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || buttontext (ID = 127578)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || default visible (ID = 127579)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || hoticon (ID = 127580)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{946b3e9e-e21a-49c8-9f63-900533fafe14}\ || icon (ID = 127581)
12:51 PM: HKLM\software\microsoft\internet explorer\extensions\{e77eda01-3c56-4a96-8d08-02b42891c169}\ (6 subtraces) (ID = 127582)
12:51 PM: HKLM\software\microsoft\internet explorer\toolbar\ || {b195b3b3-8a05-11d3-97a4-0004aca6948e} (ID = 127584)
12:51 PM: HKLM\software\microsoft\office\outlook\addins\hbhostol.hbmailanim\ (4 subtraces) (ID = 127589)
12:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\hotbaroutlooktools\ (3 subtraces) (ID = 127624)
12:51 PM: HKLM\software\microsoft\windows\currentversion\uninstall\hotbarwebtools\ (3 subtraces) (ID = 127626)
12:51 PM: HKLM\software\shopperreports\ (9 subtraces) (ID = 127632)
12:51 PM: HKCR\typelib\{5ba32d9e-f1bd-476c-ad42-97c9379a57a4}\ (9 subtraces) (ID = 127636)
12:51 PM: HKCR\typelib\{6d6d1580-5b74-40ea-97f4-3c2b46c5abdd}\ (9 subtraces) (ID = 127637)
12:51 PM: HKCR\typelib\{60f63095-41ec-11d5-b558-00d0b77f0a6d}\ (9 subtraces) (ID = 127639)
12:51 PM: HKCR\typelib\{94beb7a2-36b7-46dc-8ad1-81a8332409c0}\ (9 subtraces) (ID = 127642)
12:51 PM: HKCR\typelib\{842d315a-7e1e-448b-96e8-9e76d1820be2}\ (9 subtraces) (ID = 127644)
12:51 PM: HKCR\typelib\{522985f4-ba43-45a0-9b20-ab5f82c0ff7e}\ (9 subtraces) (ID = 127646)
12:51 PM: HKCR\typelib\{a80347d3-f757-11d4-a466-00508b5ba2df}\ (9 subtraces) (ID = 127648)
12:51 PM: HKCR\typelib\{ab357854-7a72-4fbe-9382-cc74b45a3add}\ (9 subtraces) (ID = 127649)
12:51 PM: HKCR\typelib\{b195b3a5-8a05-11d3-97a4-0004aca6948e}\ (9 subtraces) (ID = 127652)
12:51 PM: HKCR\typelib\{b701a704-f828-11d4-a466-00508b5ba2df}\ (9 subtraces) (ID = 127653)
12:51 PM: HKCR\typelib\{b5901229-25cc-43c9-b604-3bb6ac2b48a5}\ (9 subtraces) (ID = 127654)
12:51 PM: HKCR\typelib\{c83daed4-0611-4f7a-978e-7feafcb2f91b}\ (9 subtraces) (ID = 127656)
12:51 PM: HKCR\wallpaper.wallpapermanager.1\ (3 subtraces) (ID = 127658)
12:51 PM: HKCR\wallpaper.wallpapermanager\ (5 subtraces) (ID = 127659)
12:51 PM: Found Adware: topsearch
12:51 PM: Found Trojan Horse: trojan-backdoor-catan
12:51 PM: Found Trojan Horse: trojan-backdoor-coworg
12:51 PM: Found Adware: cydoor
12:51 PM: Found Adware: cydoor peer-to-peer dependency
12:51 PM: Registry Sweep Complete, Elapsed Time:00:00:18
12:51 PM: Starting Cookie Sweep
12:51 PM: Cookie Sweep Complete, Elapsed Time: 00:00:16
12:51 PM: Starting File Sweep
12:51 PM: Found Adware: commonname
12:51 PM: Found Adware: bullguard popup ad
1:07 PM: Found Adware: mogo-mania

#4 ecca

ecca
  • Topic Starter

  • Members
  • 3 posts

Posted 22 January 2006 - 05:01 PM

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 1:52:28 PM, on 1/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE
C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\volumec.exe
C:\WINDOWS\msncomm.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\msncomm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\owner\My Documents\HJT\hijackthis.exe

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_16_0.dll (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-ca\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [TosHKCW.exe] "C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe"
O4 - HKLM\..\Run: [NDSTray.exe] "C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [TMESBS.EXE] C:\Program Files\TOSHIBA\TME3\TMESBS32.EXE /Client
O4 - HKLM\..\Run: [Drag'n Drop CD+DVD] C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [cPadAlarm] C:\Program Files\Synaptics\SynTP\cPad\AlarmWatcher.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [antivirus] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab28578.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://mlslink.mlxchange.com/Control/MultiSelectComboBox.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://mlslink.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://mlslink.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab28177.cab
O20 - Winlogon Notify: -jgitfryk - C:\WINDOWS\system32\phqghu.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Tmesbs32 (Tmesbs) - Unknown owner - C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe" /Service (file missing)

#5 MFDnSC

    Ret. Director I/T

  • Members
  • 4,310 posts

Posted 22 January 2006 - 05:18 PM

Fix these with HJT – mark them, close IE, click fix checked

O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i

O4 - HKLM\..\Run: [antivirus] C:\WINDOWS\avsoft.exe /i

O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab

O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab

O20 - Winlogon Notify: -jgitfryk - C:\WINDOWS\system32\phqghu.dll (file missing)

DownLoad http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\volumec.exe
C:\WINDOWS\avsoft.exe
C:\WINDOWS\msncomm.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
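The helper's selection above follows a pattern rather than a hunch: three Run entries that launch files dropped straight into C:\WINDOWS (where legitimate startup programs almost never live), two O16 ActiveX installers from sites the helper does not trust, and a Winlogon Notify entry whose DLL is already gone. The script below is an added example, not code from this thread, from HijackThis or from Webroot. It parses HijackThis 1.99 log lines, applies those three heuristics and returns what a cleanup would remove (the Run value, the Downloaded Program Files entry, the Notify subkey, and for O4 hits the file to delete afterwards). The host allowlist, the heuristics themselves and the sample lines (copied from the log above with a few benign neighbours added) are assumptions and constructed input; a hit means "review this", not proof of infection.

```python
"""Triage a HijackThis 1.99 log for the kinds of entries called out in this thread.

Added example, not code from the thread, from HijackThis or from Webroot.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts the operator accepts O16 ActiveX downloads from.
# Anything else is flagged for review, not declared malicious.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "yahoo.com", "yimg.com", "mlxchange.com")

# HJT abbreviates the Run key as HKLM\..\Run; this is the key it stands for.
RUN_KEY = r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
NOTIFY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify"

_O4 = re.compile(r"^O4 - HKLM\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
_O16 = re.compile(r"^O16 - DPF: (?P<clsid>\{[^}]+\})(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")
_O20 = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?P<missing> \(file missing\))?$")

# Constructed sample: lines copied from the log in this thread, plus benign
# neighbours so the output also shows what is NOT flagged.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [VolControl] C:\WINDOWS\volumec.exe -i
O4 - HKLM\..\Run: [antivirus] C:\WINDOWS\avsoft.exe /i
O4 - HKLM\..\Run: [ImMsn] C:\WINDOWS\msncomm.exe /i
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} - http://www.errorguard.com/installation/Install.cab
O20 - Winlogon Notify: -jgitfryk - C:\WINDOWS\system32\phqghu.dll (file missing)
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""


@dataclass
class Finding:
    section: str    # "O4", "O16" or "O20"
    name: str       # Run value name, CLSID or Notify subkey name
    reason: str
    remove: str     # registry value/key or DPF entry to delete
    file: str = ""  # file to delete once the autostart is gone (O4 only)


def _exe_from_command(cmd: str) -> str:
    # First token of a Run command: a quoted path, or a bare path ending in .exe.
    m = re.match(r'"([^"]+)"|(\S+?\.exe)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else cmd.split()[0]


def _in_windows_root(path: str) -> bool:
    # True for a file sitting directly under %WINDIR% (not in a subfolder such as System32).
    return re.fullmatch(r"[a-z]:\\(windows|winnt)\\[^\\]+", path.lower()) is not None


def _trusted_host(url: str) -> bool:
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(log_text: str) -> list[Finding]:
    """Return one Finding per suspicious O4/O16/O20 line, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _O4.match(line):
            exe = _exe_from_command(m["cmd"])
            if _in_windows_root(exe):
                findings.append(Finding("O4", m["name"],
                                        "Run entry launches a file dropped directly in the Windows root",
                                        RUN_KEY + "\\" + m["name"], exe))
        elif m := _O16.match(line):
            if not _trusted_host(m["url"]):
                findings.append(Finding("O16", m["clsid"],
                                        "ActiveX installer from a host outside the allowlist: " + m["url"],
                                        "Downloaded Program Files entry " + m["clsid"]))
        elif m := _O20.match(line):
            if m["missing"]:
                findings.append(Finding("O20", m["name"],
                                        "Winlogon Notify package whose DLL no longer exists",
                                        NOTIFY_KEY + "\\" + m["name"]))
    return findings


def files_to_delete(findings: list[Finding]) -> list[str]:
    """Paths for the file-deletion step (the KillBox list), de-duplicated and sorted."""
    return sorted({f.file for f in findings if f.file})


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4}{f.name:<40}{f.reason}")
        print(f"      remove: {f.remove}" + (f"   then delete: {f.file}" if f.file else ""))
    print("files for the safe-mode deletion step:", files_to_delete(triage(SAMPLE_LOG)))
```

Run as-is it reports the same six entries the helper picked out; point triage() at a saved hijackthis.log to use it on another machine. The split between remove and file mirrors the post: HijackThis "Fix checked" takes care of the registry side, and the file itself is deleted separately in safe mode so nothing re-launches it first.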
