Hijack This Log - Please Help!


20 replies to this topic

#1 HockeyFan

HockeyFan

  • Members
  • 13 posts

Posted 01 February 2006 - 08:38 PM

Hi,
In attempting to open IE 6, a blank page opens and then the program crashes and tells me IE has unexpectedly quit. I am, however, able to access the internet through the "Run" command. Before this problem, I was experiencing web pages and advertisements that would open up automatically. Here is my first log file - thanks in advance for your help.

Logfile of HijackThis v1.99.1
Scan saved at 7:30:28 PM, on 2/1/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\R2VycnkgSG9sdA\command.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
C:\WINNT\wdskctl.exe
C:\WINNT\elitemediapop.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\PROGRA~1\COMMON~1\kzrk\kzrkm.exe
C:\PROGRA~1\COMMON~1\kzrk\kzrka.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\NavNT\vpc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\System32\MOStat.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GERRY.EMC\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.ieplugin.com/search.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.ieplugin.com/search.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.ieplugin.com/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: IPInsigtObj Class - {000004CC-E4FF-4F2C-BC30-DBEF0B983BC9} - C:\WINNT\IPINSIGT.DLL
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: TChkBHO Class - {35738750-7F47-401E-9CB7-C98774044E44} - C:\WINNT\system32\xomjexwt.dll
O2 - BHO: IEHlprObj Class - {47605E5A-5271-447B-8322-7D7637D07847} - C:\WINNT\System32\moz030715s.dll
O2 - BHO: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINNT\systb.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O2 - BHO: IEHlprObj Class - {D14641FA-445B-448E-9994-209F7AF15641} - C:\WINNT\System32\mbho.dll (file missing)
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: Intelligent Explorer - {69135BDE-5FDC-4B61-98AA-82AD2091BCCC} - C:\WINNT\systb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Sentry] C:\WINNT\Sentry.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wininetd] C:\WINNT\System32\wininetd.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [casgmisl] C:\WINNT\System32\rxjdkzfs.exe
O4 - HKLM\..\Run: [Win Server Updt] C:\WINNT\wupdt.exe
O4 - HKLM\..\Run: [wdskctl] C:\WINNT\wdskctl.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [elitemedia] C:\WINNT\elitemediapop.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - HKCU\..\Run: [kzrk] C:\PROGRA~1\COMMON~1\kzrk\kzrkm.exe
O4 - HKCU\..\Run: [ntdll.dll] C:\PROGRA~1\COMMON~1\kzrk\kzrkm.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - C:\WINNT\System32\wuauclt.dll
O9 - Extra button: (no name) - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINNT\systb.dll
O9 - Extra 'Tools' menuitem: IMI - {A80F2DB2-80A9-4834-8F5A-4AB70F4EF4C3} - C:\WINNT\systb.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emc
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe


#2 HockeyFan


Posted 01 February 2006 - 10:35 PM

Since the first post, I have run Ad-Aware and SpyBot S/D. I have also added Zone Alarm. I am now able to open up IE through the original shortcut. Is there anything else I need to do AND can someone post a link to a good pop-up blocker? Below is a new HJT log. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 9:29:05 PM, on 2/1/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
C:\WINNT\elitemediapop.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GERRY.EMC\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: My Search BHO - {014DA6C1-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ShprRprts - {2A8A997F-BB9F-48F6-AA2B-2762D50F9289} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O2 - BHO: TChkBHO Class - {35738750-7F47-401E-9CB7-C98774044E44} - C:\WINNT\system32\xomjexwt.dll
O2 - BHO: IEHlprObj Class - {47605E5A-5271-447B-8322-7D7637D07847} - C:\WINNT\System32\moz030715s.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: Hotbar - {B195B3B3-8A05-11D3-97A4-0004ACA6948E} - C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostIE.dll
O3 - Toolbar: My &Search Bar - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [casgmisl] C:\WINNT\System32\rxjdkzfs.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [elitemedia] C:\WINNT\elitemediapop.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emc
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#3 HockeyFan


Posted 02 February 2006 - 11:42 PM

bump for some help, please.

#4 dknoppix

dknoppix

  • Members
  • 143 posts

Posted 04 February 2006 - 02:45 PM

Hi HockeyFan,

Sorry for the late reply :thumbsup:

Please follow the instructions provided; you may want to print out these instructions and use them as a reference.

Please download ewido anti malware; it is a free version of the program.
  • Install ewido anti malware
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti malware.

Reboot and post me a new HijackThis log as well as the ewido log.

dk :flowers:

#5 HockeyFan


Posted 04 February 2006 - 05:38 PM

Thanks dk!!!!!
Here are the results:

Ewido report:
+ Scan result:

HKLM\SOFTWARE\Classes\AppID\HbSrv.EXE -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\WeatherOnTray.EXE -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0507FDDE-F3B7-49F5-9E8F-C557E991F39B} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{B701A705-F828-11D4-A466-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Atlnet.HbWebmailSend.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00C1117B-AB91-4ADD-9BBF-5D22D099DEBD} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{013A482E-1893-4F49-8D41-AC89156A6955} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C2-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0774F696-D801-4C18-81A7-A3A32B8BEF19} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1038DD23-8AE8-451B-A134-4DB8A49AA519} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E0004EC-5DF0-48C7-A8F0-FBB0488A3D94} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E24F8A0-5965-4902-90D4-08534E9ADF3B} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E6AC766-9094-4BCF-ABD3-39E2EAEA5FCD} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A8A997F-BB9F-48F6-AA2B-2762D50F9289} -> Spyware.SmartShopper : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{31D0C6FF-5897-4A57-8005-A50FCE4CE159} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{354382DB-DF55-4DA9-85A3-41696A0F510F} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3CEB882D-6B2B-4D81-A544-9D9B1D6FA945} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{454B4812-E572-4703-A1BB-63490809EAC0} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4DBCFAF7-62E1-4811-8ACC-6511E7192CB4} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{580A1F3F-89B4-433B-BBDB-B97AEB13F3FC} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{60F630A2-41EC-11D5-B558-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69FD62B1-0216-4C31-8D55-840ED86B7C8F} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6FB2639A-4BA3-4531-8DB8-FAB03E0A8FFD} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6FE00B71-7251-4E00-9186-ED89BBB946B8} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{75D2080B-4857-4B96-9B7D-732634FBD01F} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{954814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A54814C0-40F3-4249-8528-B4922CD2964E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A80347E0-F757-11D4-A466-00508B5BA2DF} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B195B3B3-8A05-11D3-97A4-0004ACA6948E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreServices.LfgAx -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreServices.LfgAx\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreServices.LfgAx\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreServices.LfgAx.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.DynamicProp.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.HbCoreServices -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.HbCoreServices\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.HbCoreServices\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.HbCoreServices.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbCoreSrv.LfgAx.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostIE.Bho -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostIE.Bho\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostIE.Bho\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostIE.Bho.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostIE.HbBho.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbElementFocus.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbMailAnim -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbMailAnim\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbMailAnim\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbMailAnim.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbWebmailSend -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbWebmailSend\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbWebmailSend\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbHostOL.HbWebmailSend.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HBInstIE.HbInstObj.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbSrv.HbCoreServices -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbSrv.HbCoreServices\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbSrv.HbCoreServices\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbSrv.HbCoreServices.1 -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\HbToolbar.HbHtmlMenuUI\CLSID -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480008 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480009 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480010 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480014 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\480015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\510014 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\510015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\510043 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\510051 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\520001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\520002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\540001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\620001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\620002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\640001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\660001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\660003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\660004 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\660005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\670013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\670014 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\670022 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\690001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\730001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\730004 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\800001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\810001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\810002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\840001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\840003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\840005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\850007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\880001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://*\880002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\H

#6 HockeyFan

HockeyFan
  • Topic Starter

  • Members
  • 13 posts

Posted 04 February 2006 - 05:45 PM

dk,
I guess there's a limit to what I can post. This is the continued Ewido report:

HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420027 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420059 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420072 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420082 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\420083 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\510002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\510065 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://paypal.com/*\850006 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pc.ibm.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pc.ibm.com/*\510007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://photos.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://photos.yahoo.com/*\420103 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\390015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\420055 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\510012 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\510013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\510052 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://play.pogo.com/*\520012 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\028005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\400001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\400015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\420005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\420026 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://playboy.com/*\580001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\085007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\085011 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\085015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\320006 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\390015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\460051 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\510005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\510012 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\510013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\510052 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\520012 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\570001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://pogo.com/*\880003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://profiles.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://profiles.yahoo.com/*\036003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://profiles.yahoo.com/*\036004 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://profiles.yahoo.com/*\930005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://progressive.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://progressive.com/*\013021 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\330001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\330004 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\330007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\420019 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\420070 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\510002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\510065 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\760001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providian.com/*\760002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providianonline.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providianonline.com/*\420019 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providianonline.com/*\510002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://providianonline.com/*\760001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\206019 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\420104 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\520013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\880007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\940001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://racing.fantasysports.yahoo.com/*\940019 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://rd.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://rd.yahoo.com/*\206026 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://rd.yahoo.com/*\460065 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://rd.yahoo.com/*\880007 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://real.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://real.com/*\420048 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://realage.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://realage.com/*\420021 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sears.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sears.com/*\070002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sears.com/*\510006 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\011005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\011008 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\510044 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\710001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\860001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\860002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://southwest.com/*\860003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sports.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sports.yahoo.com/*\206019 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://sports.yahoo.com/*\940001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://store.yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://store.yahoo.com/*\420068 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://store.yahoo.com/*\420069 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\030001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420027 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420041 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420059 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420072 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420082 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\420083 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\490006 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\510002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\510065 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\750002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://suntrust.com/*\850005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://theusagoldcard.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://theusagoldcard.com/*\041004 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://theusagoldcard.com/*\510002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://ticketmaster.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://ticketmaster.com/*\070002 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://ticketmaster.com/*\206012 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://ticketmaster.com/*\510006 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://ticketmaster.com/*\670015 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://travelocity.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://travelocity.com/*\011001 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://travelocity.com/*\011008 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://twa.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://twa.com/*\011005 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://twa.com/*\011008 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://web.icq.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://web.icq.com/*\036003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://web.icq.com/*\520003 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://yahoo.com/* -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://yahoo.com/*\390033 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\BubbleMsg\Item\http://yahoo.com/*\670013 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\dynamic -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\EUI -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\HbBand -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\ImagesHistory -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\Install -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\links -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\Local -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\MultiUrl -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\options -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\PI -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\PI\3.2 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg288 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg289 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg291 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg293 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg302 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg304 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg305 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg307 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg308 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg310 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg311 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg312 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg313 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg800 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sg801 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125&#

#7 HockeyFan

HockeyFan
  • Topic Starter

  • Members
  • 13 posts

Posted 04 February 2006 - 05:49 PM

Man, I have a bunch of crap on my computer. My apologies. Log continued:

HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub227 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub228 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub240 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub241 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub242 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub243 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub244 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub245 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub246 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub247 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub248 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub249 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub250 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub251 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub252 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub253 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub254 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub255 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub256 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub258 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub260 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub261 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub262 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub263 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub264 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub265 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub266 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub267 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub268 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub269 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub270 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub271 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub272 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub273 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub3 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub301 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub302 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub303 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub304 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub305 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub306 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub307 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub308 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub309 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub310 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub312 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub320 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub321 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub322 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub8 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\sample\Hist\sub901 -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\Updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\hotbar\UserInfo -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostIE -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostIE\Updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOE -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOE\updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOI -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOI\Updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOL -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Time\HostOL\Updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Hotbar\Updates -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Microsoft\Internet Explorer\Explorer Bars\{2178C864-B8BC-41AE-A1FB-EB6A32F87EB1} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Microsoft\Internet Explorer\Explorer Bars\{A798E2B4-B6A0-4B96-8C53-8EC7A3B0895A} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Microsoft\Internet Explorer\Explorer Bars\{BECAFC17-BAF9-11D4-B492-00D0B77F0A6D} -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-1309225878-156967486-924725345-1125\Software\Microsoft\Internet Explorer\Explorer Bars\{FF6B2FD5-093C-4D4F-BB98-5641130A9DE6} -> Spyware.HotBar : Cleaned with backup
[596] C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
[1148] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
[1212] C:\WINNT\System32\ffsfdkk.dll -> Downloader.Qoologic.ac : Cleaned with backup
[1340] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Error during cleaning
[1324] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe -> Spyware.HotBar : Cleaned with backup
[1348] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe -> Spyware.HotBar : Cleaned with backup
[1372] C:\WINNT\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup
[1420] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Error during cleaning
[1380] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Error during cleaning
[1448] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Error during cleaning
[1412] C:\Program Files\Hotbar\Bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Error during cleaning
C:\Documents and Settings\Default User\Cookies\system@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Default User\Cookies\system@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\O1EFST6V\adsetup_silent.1.32[1].exe -> Dropper.Agent.abb : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J37291.3709953009.wcu/C:/WINNT/Profiles/GERRY.002/Local Settings/Temp/EACDownload/eagle.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J37704.6631633681.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/IPINSIGT.cab/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J37704.6631633681.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J37735.6708392824.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/IPINSIGT.cab/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J37735.6708392824.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@e-2dj6wflowpczikq.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@e-2dj6wjk4qidjgbo.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@e-2dj6wjkocmdpclo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@e-2dj6wjmyajazekp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@e-2dj6wjnycjc5mko.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/Cookies/gerry@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/ICD1.tmp/wupdt.exe -> Spyware.Imiserverieplugin : Cleaned with backup
C:\Documents and Settings\GERRY\Application Data\Business Logic\UWC\Backup\J38749.7744031134.WCU/C:/Documents and Settings/GERRY.EMC/Local Settings/Temp/ICD3.tmp/elite.ocx -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\GERRY\Cookies\gerry@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\GERRY\Cookies\gerry@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\GERRY\Cookies\gerry@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\GERRY\Local Settings\Temporary Internet Files\Content.IE5\GXOFK7GR\update0932[4].exe -> Spyware.Zasil : Cleaned with backup
C:\Documents and Settings\GERRY\Local Settings\Temporary Internet Files\Content.IE5\SH6NKL67\update0932[1].exe -> Spyware.Zasil : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Application Data\Business Logic\UWC\Backup\J37291.3709953009.wcu/C:/WINNT/Profiles/GERRY.002/Local Settings/Temp/EACDownload/eagle.exe -> Spyware.eAcceleration : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Application Data\Business Logic\UWC\Backup\J37704.6631633681.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/IPINSIGT.cab/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Application Data\Business Logic\UWC\Backup\J37704.6631633681.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Application Data\Business Logic\UWC\Backup\J37735.6708392824.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/IPINSIGT.cab/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Application Data\Business Logic\UWC\Backup\J37735.6708392824.WCU/C:/Documents and Settings/GERRY/Local Settings/Temp/ipinsigt.dll -> Spyware.IPInsight : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@ads18.bpath[1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@com[1].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@e-2dj6wgkyolcjcap.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@mysearch[1].txt -> Spyware.Cookie.Mysearch : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Cookies\gerry@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Local Settings\Temp\temp.fr2FDE -> Downloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\GERRY.EMC\Local Settings\Temp\temp.frF818 -> Spyware.CommAd : Cleaned with backup
C:\Program Files\hbinst\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\dBenderC.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbSrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.1.8.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\dbenderc.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbSrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.4.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\dbenderc.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\Hbsrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.2.8.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\dbenderc.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\Hbsrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.3.1.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\dbenderc.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\Hbsrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.4.2.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\dBenderC.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\games2.ico -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbCoreSrv.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbGuard.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbHostIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbHostOE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbHostOL.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbOEAddOn.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbSrv.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\HbToolbar.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\Install.scr -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\ShprRprt.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\Wallpaper.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\4.6.1.0\WeatherOnTray.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\Hbinst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\HbInstIE.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\HbUninst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\bin\reports.txt -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\hotbar.log -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\hotbar.log.bak.1126063686 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\Hotbar\hotbar_1138331277.log -> Spyware.HotBar : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup
C:\Program Files\Orl\Vnc\VNCHooks.dll -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup
C:\Program Files\Orl\Vnc\vncviewer.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup
C:\Program Files\Orl\Vnc\WinVNC.exe -> Not-A-Virus.RemoteAdmin.Win32.WinVNC.333 : Cleaned with backup
C:\Program Files\ShopperReports -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.4.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.4.0\ShprRprt.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.8.0 -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Bin\1.0.8.0\ShprRprt.dll -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\uninst.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\ShopperReports\Uninstall.exe -> Spyware.HotBar : Cleaned with backup
C:\Program Files\WildTangent\Components\SystemConfig0100.dll -> Spyware.WinAD : Cleaned with backup
C:\WINNT\Downloaded Program Files\elite.ocx -> Adware.MediaMotor : Cleaned with backup
C:\WINNT\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup
C:\WINNT\mynexus.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINNT\system32\Celebs-Nude-uninstall.exe -> Dialer.Generic : Cleaned with backup
C:\WINNT\system32\moz030715s.dll -> Spyware.WurldMedia : Cleaned with backup
C:\WINNT\system32\rxjdkzfs.exe -> Spyware.HotBar : Cleaned with backup
C:\WINNT\system32\wgkwq.dat -> Downloader.Qoologic.ac : Cleaned with backup
C:\WINNT\system32\wuauclt.dll -> Downloader.Small : Cleaned with backup
C:\WINNT\system32\xomjexwt.dll -> Spyware.WurldMedia : Cleaned with backup
C:\WINNT\Temp\adwsetup_upd.exe -> Dropper.Agent.abb : Cleaned with backup
C:\WINNT\ts.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.1.0.037\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.1.0.037\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.2.0.007\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtupdates\wtwebdriver\files\3.2.0.007\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End




Hijack This Log:
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\NavNT\vptray.exe
C:\WINNT\System32\sxssk4.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GERRY.EMC\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {35738750-7F47-401E-9CB7-C98774044E44} - C:\WINNT\system32\xomjexwt.dll (file missing)
O2 - BHO: IEHlprObj Class - {47605E5A-5271-447B-8322-7D7637D07847} - C:\WINNT\System32\moz030715s.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O4 - Global Startup: ruir.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emc
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#8 dknoppix

Posted 04 February 2006 - 08:34 PM

Hi,

Please Download the following tools to assist us in removing this infection
  • Download WinPFind
    • Right Click the Zip Folder and Select "Extract All"
    • Extract it somewhere you will remember like the Desktop
    • Don't do anything with it yet!
  • Download Track qoo
    • Save it somewhere you will remember like the Desktop
Reboot into Safe Mode
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Doubleclick WinPFind.exe
  • Click "Start Scan"
  • It will scan the entire System, so please be patient!
  • Once the Scan is Complete
  • Go to the WinPFind folder
  • Locate WinPFind.txt
  • Place those results in the next post!
Reboot back to Normal Mode!

Double Click on "Track qoo.vbs"

Note - If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

dk :thumbsup:

Edited by dknoppix, 04 February 2006 - 08:36 PM.


#9 HockeyFan

Posted 05 February 2006 - 01:44 PM

Hi dk,
Again, thanks for all your help. Here's the lowdown on my computer. This computer used to be a work computer for an acquaintance of mine and, therefore, has settings that I don't know how to change (I'm a Mac user most of the time and am not very knowledgeable on PCs, but I'm learning). Anyway, I had to boot the computer under "Safe Mode with Networking" since the log on to windows is through the original network mode. I have tried to change the User name and Password to a personal one, but have been unsuccessful. Since the "Log on to:" was unavailable in the "Safe Mode," it wouldn't accept the password. Below are the results you have requested. It sounds as though you need these two reports in separate posts so the WinPFind.txt is in this post and the Track qoo is in the next one. Much appreciation!!!

Windows OS and Versions
Product Name: Microsoft Windows 2000 Current Build: Service Pack 3 Current Build Number: 2195
Internet Explorer Version: 6.0.2800.1106

Checking Selected Standard Folders

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
UPX! 5/14/2003 7:35:58 PM 1114744 C:\WINNT\screengenie.scr

Checking %System% folder...
UPX! 2/6/2003 2:49:32 PM 726016 C:\WINNT\SYSTEM32\beegd10.ocx
UPX! 7/5/2000 4:03:36 PM 29184 C:\WINNT\SYSTEM32\clsNCX22.dll
UPX! 7/5/2000 4:16:52 PM 16384 C:\WINNT\SYSTEM32\clsNOL22.dll
UPX! 7/5/2000 4:02:38 PM 48128 C:\WINNT\SYSTEM32\clsNPB22.dll
UPX! 7/5/2000 4:16:36 PM 226816 C:\WINNT\SYSTEM32\clsNRN22.dll
69.59.186.63 2/5/2006 10:58:40 AM 10240 C:\WINNT\SYSTEM32\eraed.dll
209.66.67.134 2/5/2006 10:58:40 AM 10240 C:\WINNT\SYSTEM32\eraed.dll
web-nex 2/5/2006 10:58:40 AM 10240 C:\WINNT\SYSTEM32\eraed.dll
winsync 2/5/2006 10:58:40 AM 10240 C:\WINNT\SYSTEM32\eraed.dll
69.59.186.63 2/5/2006 11:06:52 AM 46080 C:\WINNT\SYSTEM32\ffsfdkk.dll
209.66.67.134 2/5/2006 11:06:52 AM 46080 C:\WINNT\SYSTEM32\ffsfdkk.dll
web-nex 2/5/2006 11:06:52 AM 46080 C:\WINNT\SYSTEM32\ffsfdkk.dll
winsync 2/5/2006 11:06:52 AM 46080 C:\WINNT\SYSTEM32\ffsfdkk.dll
UPX! 7/14/2003 1:25:22 PM 335360 C:\WINNT\SYSTEM32\GnucDNA.dll
UPX! 5/14/2003 7:35:36 PM 134776 C:\WINNT\SYSTEM32\mfimage.dll
WinShutDown 11/18/1999 11:04:00 AM 225280 C:\WINNT\SYSTEM32\Nhloader.exe
UPX! 5/14/2003 7:35:48 PM 33912 C:\WINNT\SYSTEM32\npmirage.dll
UPX! 1/18/2006 3:19:02 PM 84480 C:\WINNT\SYSTEM32\nsbC.dll
UPX! 1/27/2006 2:41:22 PM 84480 C:\WINNT\SYSTEM32\nsp8B.dll
Umonitor 7/22/2002 1:05:04 PM 528144 C:\WINNT\SYSTEM32\RASDLG.DLL
winsync 7/26/2000 6:00:00 AM 1309184 C:\WINNT\SYSTEM32\wbdbase.deu
UPX! 5/14/2003 7:35:58 PM 1114744 C:\WINNT\SYSTEM32\xmforgert.exe
UPX! 5/14/2003 7:36:06 PM 133752 C:\WINNT\SYSTEM32\XMirage.ocx

Checking %System%\Drivers folder and sub-folders...

Items found in C:\WINNT\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
2/1/2006 7:11:00 PM H 54156 C:\WINNT\QTFont.qfn
2/1/2006 5:58:06 PM H 1282380 C:\WINNT\ShellIconCache
2/5/2006 11:05:00 AM S 64 C:\WINNT\CSC\00000001
1/15/2006 1:24:54 PM S 64 C:\WINNT\CSC\00000002
2/1/2006 6:11:38 PM H 65 C:\WINNT\Downloaded Program Files\desktop.ini
2/1/2006 6:11:38 PM H 65 C:\WINNT\Offline Web Pages\desktop.ini
2/5/2006 10:57:14 AM H 35870 C:\WINNT\system32\vsconfig.xml
2/1/2006 8:47:20 PM H 4212 C:\WINNT\system32\zllictbl.dat
2/5/2006 10:59:20 AM H 1024 C:\WINNT\system32\config\default.LOG
2/5/2006 11:04:40 AM H 1024 C:\WINNT\system32\config\SECURITY.LOG
2/5/2006 11:07:16 AM H 1024 C:\WINNT\system32\config\software.LOG
2/5/2006 11:01:34 AM H 6 C:\WINNT\Tasks\SA.DAT
2/1/2006 6:11:46 PM H 11083 C:\WINNT\Web\ftp.htt

Checking for CPL files...
Microsoft Corporation 7/26/2000 6:00:00 AM 67344 C:\WINNT\SYSTEM32\access.cpl
Microsoft Corporation 12/10/2002 5:37:36 PM 301328 C:\WINNT\SYSTEM32\appwiz.cpl
Aureal Semiconductor 9/17/1999 7:51:58 AM 121344 C:\WINNT\SYSTEM32\au30cpl.cpl
Microsoft Corporation 7/22/2002 1:05:04 PM 237328 C:\WINNT\SYSTEM32\DESK.CPL
Microsoft Corporation 2/10/1999 11:48:48 AM 40960 C:\WINNT\SYSTEM32\Findfast.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 128272 C:\WINNT\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\inetcpl.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 118032 C:\WINNT\SYSTEM32\intl.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 36112 C:\WINNT\SYSTEM32\irprops.cpl
Microsoft Corporation 10/30/2001 8:10:00 AM 326144 C:\WINNT\SYSTEM32\joy.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 122128 C:\WINNT\SYSTEM32\main.cpl
Microsoft Corporation 10/14/1996 1:38:00 AM 48400 C:\WINNT\SYSTEM32\mlcfg32.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 303888 C:\WINNT\SYSTEM32\mmsys.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 17168 C:\WINNT\SYSTEM32\ncpa.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 41232 C:\WINNT\SYSTEM32\nwc.cpl
Microsoft Corporation 7/22/2002 1:05:04 PM 41232 C:\WINNT\SYSTEM32\odbccp32.cpl
Microsoft Corporation 7/22/2002 1:05:04 PM 90896 C:\WINNT\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 3/22/2001 11:08:30 AM 24576 C:\WINNT\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 10/10/2002 7:17:02 PM 295936 C:\WINNT\SYSTEM32\QuickTime.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 83216 C:\WINNT\SYSTEM32\sticpl.cpl
Microsoft Corporation 7/22/2002 1:05:04 PM 125712 C:\WINNT\SYSTEM32\SYSDM.CPL
Microsoft Corporation 7/26/2000 6:00:00 AM 5904 C:\WINNT\SYSTEM32\telephon.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 61200 C:\WINNT\SYSTEM32\timedate.cpl
Microsoft Corporation 10/14/1996 1:38:00 AM 34576 C:\WINNT\SYSTEM32\wgpocpl.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 12/10/2002 5:37:36 PM 301328 C:\WINNT\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 7:14:40 AM 292352 C:\WINNT\SYSTEM32\dllcache\inetcpl.cpl
IBM Corporation 9/23/1999 5:44:36 PM 94208 C:\WINNT\SYSTEM32\dllcache\mwcpa32.cpl
Microsoft Corporation 7/26/2000 6:00:00 AM 41232 C:\WINNT\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 5/26/2005 3:16:30 AM 174360 C:\WINNT\SYSTEM32\dllcache\wuaucpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
2/8/2004 4:38:12 PM 703 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
12/17/2003 5:54:18 PM 703 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
3/23/2004 1:22:24 PM 1622 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CAMEDIA Master.lnk
12/25/2003 11:21:28 AM 1580 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EPSON CardMonitor.lnk
8/8/2003 6:47:56 PM 1568 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
8/8/2003 6:47:56 PM 600 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PowerPanel.lnk
2/5/2006 11:06:52 AM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ruir.exe

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
H010818 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\msxmgttk
{7cb838eb-b8dc-40af-a466-7a8becf7d407} = C:\WINNT\System32\eraed.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\WINNT\Downloaded Program Files\ymmapi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WinZip\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINNT\system32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINNT\system32\docprop2.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01EB5130-FC0C-4d75-B9CE-4801B1B854F5}
bitlocker = C:\WINNT\System32\nsp8B.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}
Yahoo! Companion BHO = C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35738750-7F47-401E-9CB7-C98774044E44}
TChkBHO Class = C:\WINNT\system32\xomjexwt.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47605E5A-5271-447B-8322-7D7637D07847}
IEHlprObj Class = C:\WINNT\System32\moz030715s.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINNT\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} = :
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINNT\System32\msdxm.ocx
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
{014DA6C9-189F-421A-88CD-07CFE51CFF10} = :
{B195B3B3-8A05-11D3-97A4-0004ACA6948E} = :

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Synchronization Manager mobsync.exe /logon
LoadQM loadqm.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
vptray C:\Program Files\NavNT\vptray.exe
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
WeatherOnTray C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
Hotbar C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
ntdll.dll C:\WINNT\System32\sxssk4.exe reg_run
winsync C:\WINNT\System32\sxssk4.exe reg_run
Zone Labs Client C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
CreateCD C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
NoSaveSettings 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINNT\system32\netshell.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINNT\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\NavLogon
= C:\WINNT\system32\NavLogon.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


Scan Complete
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 2/5/2006 11:14:42 AM

#10 HockeyFan

Posted 05 February 2006 - 01:45 PM

Track qoo:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"LoadQM"="loadqm.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"vptray"="C:\\Program Files\\NavNT\\vptray.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"WeatherOnTray"="C:\\Program Files\\Hotbar\\Bin\\4.6.1.0\\WeatherOnTray.exe"
"Hotbar"="C:\\Program Files\\Hotbar\\Bin\\4.6.1.0\\HbOEAddOn.exe"
"ntdll.dll"="C:\\WINNT\\System32\\sxssk4.exe reg_run"
"winsync"="C:\\WINNT\\System32\\sxssk4.exe reg_run"
"Zone Labs Client"="C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"
"CreateCD"="C:\\PROGRA~1\\Adaptec\\EASYCD~1\\CreateCD\\createcd.exe -r"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C}
C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll

Subkey --- msxmgttk
{7cb838eb-b8dc-40af-a466-7a8becf7d407}
C:\WINNT\System32\eraed.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINNT\system32\shell32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINNT\system32\shell32.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WinZip\WZSHLSTB.DLL

Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\WINNT\Downloaded Program Files\ymmapi.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINNT\system32\shell32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINNT\system32\docprop2.dll

Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINNT\system32\faxshell.dll

Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINNT\system32\docprop2.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
CAMEDIA Master.lnk
EPSON CardMonitor.lnk
Microsoft Office.lnk
PowerPanel.lnk
ruir.exe
==============================
C:\Documents and Settings\GERRY.EMC\Start Menu\Programs\Startup

Adobe Gamma Loader.exe.lnk
Adobe Gamma Loader.lnk
CAMEDIA Master.lnk
EPSON CardMonitor.lnk
Microsoft Office.lnk
PowerPanel.lnk
ruir.exe
==============================
C:\WINNT\system32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
au30cpl.cpl Aureal Semiconductor
DESK.CPL Microsoft Corporation
Findfast.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
main.cpl Microsoft Corporation
mlcfg32.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
prefscpl.cpl RealNetworks, Inc.
QuickTime.cpl Apple Computer, Inc.
sticpl.cpl Microsoft Corporation
SYSDM.CPL Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wgpocpl.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation

#11 dknoppix

Posted 09 February 2006 - 07:31 PM

Hi,

Download Pocket KillBox from here. There is a Direct Download and a description of what the Program does inside this link.

Please open Notepad, and copy/paste the code in the box below into a new text file. Save it as KillQoo.reg (set Filetype to "All Files") and save it on your Desktop.

REGEDIT4


[-HKEY_CURRENT_USER\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\msxmgttk]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\msxmgttk]

[-HKEY_CLASSES_ROOT\CLSID\{b7d5f41b-c539-43d7-b6c4-82289e613ef9}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"winsync"=-

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run]
"ntdll.dll"=-


Open Pocket Killbox and Copy & Paste the entries below into the "Full Path of File to Delete"


C:\WINNT\System32\sxssk4.exe
C:\WINNT\screengenie.scr
C:\WINNT\SYSTEM32\beegd10.ocx
C:\WINNT\SYSTEM32\clsNCX22.dll
C:\WINNT\SYSTEM32\clsNOL22.dll
C:\WINNT\SYSTEM32\clsNPB22.dll
C:\WINNT\SYSTEM32\clsNRN22.dll
C:\WINNT\SYSTEM32\eraed.dll
C:\WINNT\SYSTEM32\ffsfdkk.dll
C:\WINNT\SYSTEM32\mfimage.dll
C:\WINNT\SYSTEM32\npmirage.dll
C:\WINNT\SYSTEM32\nsbC.dll
C:\WINNT\SYSTEM32\nsp8B.dll
C:\WINNT\SYSTEM32\xmforgert.exe


As you Paste each entry into Killbox, place a tick by any of these Selections available

"Delete on Reboot"
"Unregister .dll before Deleting"


Click the Red Circle with the White X in the Middle to Delete!

Restart in Safe Mode and Run those files through Killbox once more to be sure nothing survived.

This time place a tick by any of these selections available

"Standard File Kill"
"End Explorer Shell while Killing File"
"Unregister .dll before Deleting"


Now Locate and DoubleClick KillQoo.reg-> Allow it to merge into the Registry!

Restart back in Normal Mode and Post a fresh HijackThis log!

dk

Edited by dknoppix, 09 February 2006 - 07:41 PM.
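
An added example, not part of the original post or of any tool named in it: a Python check that reads a fresh HijackThis log and reports which files from the Killbox list above are still running, still referenced by an autostart or browser entry, or left behind only as a "(file missing)" registry pointer. The function names and status labels are assumptions, and the sample log is constructed from line formats seen in this thread.

```python
import re

# Files queued for deletion in the Killbox step of the post above.
KILLBOX_TARGETS = [
    r"C:\WINNT\System32\sxssk4.exe",
    r"C:\WINNT\screengenie.scr",
    r"C:\WINNT\SYSTEM32\beegd10.ocx",
    r"C:\WINNT\SYSTEM32\clsNCX22.dll",
    r"C:\WINNT\SYSTEM32\clsNOL22.dll",
    r"C:\WINNT\SYSTEM32\clsNPB22.dll",
    r"C:\WINNT\SYSTEM32\clsNRN22.dll",
    r"C:\WINNT\SYSTEM32\eraed.dll",
    r"C:\WINNT\SYSTEM32\ffsfdkk.dll",
    r"C:\WINNT\SYSTEM32\mfimage.dll",
    r"C:\WINNT\SYSTEM32\npmirage.dll",
    r"C:\WINNT\SYSTEM32\nsbC.dll",
    r"C:\WINNT\SYSTEM32\nsp8B.dll",
    r"C:\WINNT\SYSTEM32\xmforgert.exe",
]

# Constructed sample in HijackThis v1.99.1 layout (not a real scan result).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\Explorer.EXE

O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
"""

# A log entry looks like "O4 - <body>" or "R1 - <body>".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")


def parse_log(text):
    """Split a log into running-process paths and (section code, body) entries."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def _mentions(target, text):
    """Case-insensitive path match that will not match a longer file name."""
    return re.search(re.escape(target) + r"(?![\w.])", text, re.IGNORECASE) is not None


def audit(text, targets):
    """Map each target path to a list of (status, section, line) findings."""
    processes, entries = parse_log(text)
    report = {}
    for target in targets:
        findings = [("running", "process", p) for p in processes if _mentions(target, p)]
        for code, body in entries:
            if _mentions(target, body):
                # "(file missing)" means the file is gone but the registry entry is not.
                missing = body.rstrip().endswith("(file missing)")
                findings.append(("orphaned" if missing else "referenced", code, body))
        report[target] = findings
    return report


def summarize(report):
    """Worst status per target: running > referenced > orphaned > clean."""
    rank = {"running": 3, "referenced": 2, "orphaned": 1}
    return {
        target: max((f[0] for f in findings), key=rank.get, default="clean")
        for target, findings in report.items()
    }


if __name__ == "__main__":
    for path, status in summarize(audit(SAMPLE_LOG, KILLBOX_TARGETS)).items():
        if status != "clean":
            print(f"{status:10} {path}")
```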


#12 HockeyFan

Posted 11 February 2006 - 11:06 AM

Here ya go. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 10:08:01 AM, on 2/11/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GERRY.EMC\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: TChkBHO Class - {35738750-7F47-401E-9CB7-C98774044E44} - C:\WINNT\system32\xomjexwt.dll (file missing)
O2 - BHO: IEHlprObj Class - {47605E5A-5271-447B-8322-7D7637D07847} - C:\WINNT\System32\moz030715s.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emc
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

#13 dknoppix


Posted 13 February 2006 - 12:15 PM

  • Please double-click Killbox.exe from your desktop to run it.
  • Select
    • "Delete on Reboot"
    • then Click on the "All Files" button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\Documents and Settings\GERRY.EMC\Start Menu\Programs\Startup\ruir.exe
    C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ruir.exe
    C:\Program Files\Hotbar



  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "OK" at any PendingRenameOperations prompt.
If your computer does not restart automatically, please restart it manually.

Open HijackThis, click the "Scan" button, and check the following items:

O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll (file missing)
O2 - BHO: TChkBHO Class - {35738750-7F47-401E-9CB7-C98774044E44} - C:\WINNT\system32\xomjexwt.dll (file missing)
O2 - BHO: IEHlprObj Class - {47605E5A-5271-447B-8322-7D7637D07847} - C:\WINNT\System32\moz030715s.dll (file missing)
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540013} (CInstall Class) - http://adserver.sharewareonline.com/adserver/Install.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - http://pointa.autodesk.com/portal/lang/enu/InstFred.Ocx
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.0_01) -
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)


Close all windows except HijackThis and click the "Fix Checked" button.

Reboot and post a new HijackThis log.

dk :thumbsup:

#14 HockeyFan


Posted 13 February 2006 - 08:54 PM

Logfile of HijackThis v1.99.1
Scan saved at 7:56:41 PM, on 2/13/2006
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\System32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\system32\ZoneLabs\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe
C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
C:\PROGRA~1\WinZip\winzip32.exe
C:\DOCUME~1\GERRY.EMC\LOCALS~1\Temp\HijackThis.exe
C:\WINNT\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/ymsgr/defaul...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tds.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://rd.yahoo.com/customize/ymsgr/defaul...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [CreateCD] C:\PROGRA~1\Adaptec\EASYCD~1\CreateCD\createcd.exe -r
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: CAMEDIA Master.lnk = C:\Program Files\OLYMPUS\CAMEDIA Master 4.1\CM_camera.exe
O4 - Global Startup: EPSON CardMonitor.lnk = C:\Program Files\EPSON\EPSON CardMonitor\EPSON CardMonitor1.1.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: PowerPanel.lnk = C:\Program Files\CyberPower\PowerPanel\PowPanel.exe
O8 - Extra context menu item: Send Image to Photo Library - file://C:\Program Files\MGI\MGI PhotoSuite II\Temp\MGI00000.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll (file missing)
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200212...meInstaller.exe
O16 - DPF: {737D14F8-4090-11D4-AE0E-0010830243BD} (SysVerChk Control) - http://pointa.autodesk.com/portal/lang/neutral/SysVerChk.ocx
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/...ymmapi_0727.dll
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - http://pointa.autodesk.com/portal/lang/enu/InstBanr.Ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = emc
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = emc
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperWorkstation\DKService.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe
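Added example, not part of the original thread: a small Python check that compares the entries selected for "Fix Checked" in post #13 with the follow-up log in post #14 and lists any that are still present. The excerpts are copied from those two posts; the function names are this example's own.

```python
import re

# Entry lines in a HijackThis log start with a section code (R0-R3, F0-F3,
# N1-N4, O1-O23 in the logs on this page), then " - ", then free text.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return the set of (section, normalized text) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:  # header and "Running processes" lines do not match and are skipped
            # Collapse whitespace and case-fold: Windows paths are case-insensitive.
            entries.add((m.group(1), " ".join(m.group(2).split()).casefold()))
    return entries

def unresolved(fix_list, new_log):
    """Entries selected for fixing that still appear in the follow-up log."""
    return sorted(parse_entries(fix_list) & parse_entries(new_log))

# Excerpt of the entries listed for "Fix Checked" in post #13.
FIX_LIST = r"""
O2 - BHO: bitlocker - {01EB5130-FC0C-4d75-B9CE-4801B1B854F5} - C:\WINNT\System32\nsp8B.dll (file missing)
O4 - HKLM\..\Run: [Hotbar] C:\Program Files\Hotbar\Bin\4.6.1.0\HbOEAddOn.exe
O4 - HKLM\..\Run: [ntdll.dll] C:\WINNT\System32\sxssk4.exe reg_run
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O15 - Trusted Zone: *.elitemediagroup.net
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
"""

# Excerpt of the follow-up log from post #14.
NEW_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
O4 - HKLM\..\Run: [WeatherOnTray] C:\Program Files\Hotbar\Bin\4.6.1.0\WeatherOnTray.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\sxssk4.exe reg_run
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINNT\R2VycnkgSG9sdA\command.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
"""

if __name__ == "__main__":
    for section, text in unresolved(FIX_LIST, NEW_LOG):
        print(f"still present: {section} - {text}")
```

On these excerpts the check reports the `[winsync]` Run entry and the `cmdService` service entry as still present in the 13 February log.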

#15 dknoppix


Posted 18 February 2006 - 09:58 PM

Can you please run Winpfind again and post the results?

Thanks,

dk :thumbsup:



