
Home Search Assistant Infection--hijackthis Log



#1 ddp


Posted 20 June 2006 - 12:24 AM

I've been following your instructions on how to remove the Home Search assistant--but I'm afraid to remove any of the hijack this files without confirmation. Could someone please advise what should be removed?

Thank you...

Logfile of HijackThis v1.99.1
Scan saved at 11:03:35 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP1014] "C:\Documents and Settings\John Batt\Local Settings\Temporary Internet Files\Content.IE5\SHZ54P28\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe
O4 - HKLM\..\Run: [jgplnca] C:\WINDOWS\system32\rhpyjmx.exe r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [appwo.exe] C:\WINDOWS\appwo.exe
O4 - HKLM\..\Run: [ntaa.exe] C:\WINDOWS\system32\ntaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



#2 MFDnSC


Posted 20 June 2006 - 12:28 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 ddp


Posted 22 June 2006 - 09:17 PM

Thank you very much for your help, I appreciate it greatly. When this pc was dropped off to me, it had 2623 viruses and spyware. It's come a long way, I hope this is my last step!

Ewido Log:

Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 8:04:49 PM, on 6/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP1014] "C:\Documents and Settings\John Batt\Local Settings\Temporary Internet Files\Content.IE5\SHZ54P28\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe
O4 - HKLM\..\Run: [jgplnca] C:\WINDOWS\system32\rhpyjmx.exe r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [appwo.exe] C:\WINDOWS\appwo.exe
O4 - HKLM\..\Run: [ntaa.exe] C:\WINDOWS\system32\ntaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again; I look forward to your next post.

Regards, ddp

#4 ddp


Posted 22 June 2006 - 09:21 PM

By the way, Ewido acts a little differently than your instructions. Maybe it's a newer version?

Thanks again!

#5 MFDnSC


Posted 23 June 2006 - 10:34 AM

Yes it just changed and is different!

Sorry - HiJackThis is running from a temp directory and must be moved to run correctly.

Click here to download HJTsetup.exe:
http://www.thespykiller.co.uk/forum/index....=tpmod;dl=item5

Save HJTsetup.exe to your desktop.

Double click on the HJTsetup.exe icon on your desktop.
By default it will install to C:\Program Files\Hijack This.
Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
Put a check by Create a desktop icon then click Next again.
Continue to follow the rest of the prompts from there.
At the final dialogue box click Finish and it will launch Hijack This.
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
================

Since it is so badly infected do this also

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
  o Sweep Memory
  o Sweep Registry
  o Sweep Cookies
  o Sweep All User Accounts
  o Enable Direct Disk Sweeping
  o Sweep Contents of Compressed Files
  o Sweep for Rootkits
  o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
=============

Carefully run a HiJack scan only, and for those BHOs with no file - mark them, then at the end close IE and then click Fix checked.

Boot and post the logs
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
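
The two checks described in the post above (HijackThis launched from a temp directory, and BHO entries whose file is gone) can be run over a saved log before anything is fixed. This is an added example, not part of any post in this thread or of HijackThis itself; the sample log is constructed in the v1.99.1 format seen here with placeholder CLSIDs, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in HijackThis v1.99.1 log format. Paths mirror the kinds
# of entries in this thread; the CLSIDs are placeholders, not real indicators.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:03:35 PM, on 6/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - (no file)
O2 - BHO: NAV Helper - {00000000-0000-0000-0000-000000000003} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {00000000-0000-0000-0000-000000000004} - C:\WINDOWS\system32\javall.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: Spyware Doctor - {00000000-0000-0000-0000-000000000005} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
"""

# A log entry is a section code (R0, O2, O23, ...) followed by " - " and a body.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
# O2 body: "BHO: <name> - {CLSID} - <file or marker>"
BHO_RE = re.compile(r"^BHO: (.*?) - (\{[0-9A-Fa-f-]{36}\}) - (.*)$")
# Directory components that indicate a temporary location.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first section entry ends the process list, with or
            # without a blank line in between.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def triage(text):
    """Report the conditions the helper asks about; nothing is modified."""
    processes, entries = parse_log(text)
    report = {
        # HijackThis itself running out of a temp folder (e.g. from inside a zip).
        "hjt_in_temp": [p for p in processes
                        if p.lower().endswith("hijackthis.exe") and TEMP_RE.search(p)],
        # CLSIDs of BHO registrations that point at no file at all.
        "bho_no_file": [],
        # Any other entry whose target file no longer exists on disk.
        "file_missing": [],
        # Entry count per section code, to compare logs before and after a fix.
        "sections": Counter(code for code, _ in entries),
    }
    for code, body in entries:
        if code == "O2":
            match = BHO_RE.match(body)
            if match and match.group(3).strip() == "(no file)":
                report["bho_no_file"].append(match.group(2))
                continue
        if body.rstrip().endswith("(file missing)"):
            report["file_missing"].append((code, body))
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    if result["hjt_in_temp"]:
        print("HijackThis is running from a temp directory; move it first:")
        for path in result["hjt_in_temp"]:
            print("   ", path)
    print("BHO entries with no file:", len(result["bho_no_file"]))
    for code, body in result["file_missing"]:
        print("file missing:", code, "-", body)
```

Comparing the `sections` counts from a log taken before and after the fix shows whether the orphaned O2 entries actually went away.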

#6 ddp


Posted 23 June 2006 - 10:17 PM

I can't tell you how much I appreciate your help--but I'd like to preface my logs by telling you that this is NOT MY COMPUTER! I'm working on it because it's a free machine for us if I can fix it :thumbsup: I apologize in advance for the less appropriate site cookies you are about to see... All apologies.

When following your directions, it sounded like you wanted me to run HJT, then run the SpySweeper and then run HJT again. So here are the three logs:

Hijack this log #1:
Logfile of HijackThis v1.99.1
Scan saved at 7:07:16 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NI.UWFX5_0001_LP1014] "C:\Documents and Settings\John Batt\Local Settings\Temporary Internet Files\Content.IE5\SHZ54P28\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe
O4 - HKLM\..\Run: [jgplnca] C:\WINDOWS\system32\rhpyjmx.exe r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [appwo.exe] C:\WINDOWS\appwo.exe
O4 - HKLM\..\Run: [ntaa.exe] C:\WINDOWS\system32\ntaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Spy Sweeper Log:
********
7:09 PM: | Start of Session, Friday, June 23, 2006 |
7:09 PM: Spy Sweeper started
7:09 PM: Sweep initiated using definitions version 706
7:09 PM: Starting Memory Sweep
7:12 PM: Memory Sweep Complete, Elapsed Time: 00:02:58
7:12 PM: Starting Registry Sweep
7:12 PM: Found Trojan Horse: agent.ay downloader
7:12 PM: HKCR\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103338)
7:12 PM: HKLM\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103347)
7:12 PM: Found Adware: coolwebsearch (cws)
7:12 PM: Found Adware: cws-aboutblank
7:12 PM: HKCR\clsid\{b38f516e-48f2-cdbb-7d76-e0cfbcdbee45}\ (2 subtraces) (ID = 113906)
7:12 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
7:12 PM: Found Adware: cws_hotoffers_desktophijacker
7:12 PM: HKCR\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\ (2 subtraces) (ID = 117239)
7:12 PM: HKLM\software\classes\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\ (2 subtraces) (ID = 117242)
7:12 PM: Found Adware: cws_ns3

#7 ddp

Posted 23 June 2006 - 10:25 PM

My log was too long-it cut off...

Spy Sweeper log:

********
7:09 PM: | Start of Session, Friday, June 23, 2006 |
7:09 PM: Spy Sweeper started
7:09 PM: Sweep initiated using definitions version 706
7:09 PM: Starting Memory Sweep
7:12 PM: Memory Sweep Complete, Elapsed Time: 00:02:58
7:12 PM: Starting Registry Sweep
7:12 PM: Found Trojan Horse: agent.ay downloader
7:12 PM: HKCR\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103338)
7:12 PM: HKLM\software\classes\clsid\{9ce68f0e-3b07-594f-b8a7-c0c9044ed9d4}\ (2 subtraces) (ID = 103347)
7:12 PM: Found Adware: coolwebsearch (cws)
7:12 PM: Found Adware: cws-aboutblank
7:12 PM: HKCR\clsid\{b38f516e-48f2-cdbb-7d76-e0cfbcdbee45}\ (2 subtraces) (ID = 113906)
7:12 PM: HKLM\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115926)
7:12 PM: Found Adware: cws_hotoffers_desktophijacker
7:12 PM: HKCR\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\ (2 subtraces) (ID = 117239)
7:12 PM: HKLM\software\classes\clsid\{646e0cf3-7459-b02d-6848-af1a15ea194e}\ (2 subtraces) (ID = 117242)
7:12 PM: Found Adware: cws_ns3
7:12 PM: HKLM\software\classes\clsid\{f065e398-2acb-9034-8b2a-28a827ff521f}\ (4 subtraces) (ID = 121173)
7:12 PM: HKLM\software\classes\clsid\{f1b10cdc-1975-ec0c-c522-2571525e92cf}\ (4 subtraces) (ID = 121177)
7:12 PM: HKLM\software\classes\clsid\{f1e91259-92c0-8767-a2e0-85139867622a}\ (2 subtraces) (ID = 121178)
7:12 PM: HKLM\software\classes\clsid\{f6eb941e-9dcd-6e07-e139-d2ab90baae62}\ (4 subtraces) (ID = 121195)
7:12 PM: HKLM\software\classes\clsid\{f7dfcd4f-46cd-bda8-264c-0a68205f4979}\ (2 subtraces) (ID = 121199)
7:12 PM: HKLM\software\classes\clsid\{f2352fd0-b78a-fc66-ee98-5dfbf99e1f48}\ (4 subtraces) (ID = 121227)
7:12 PM: HKLM\software\classes\clsid\{f317424c-8ecc-86c7-5e5b-7aa1bd81d1c4}\ (2 subtraces) (ID = 121236)
7:12 PM: HKLM\software\classes\clsid\{f6802757-10ab-dbc8-719a-c48394d31082}\ (2 subtraces) (ID = 121240)
7:12 PM: HKLM\software\classes\clsid\{fa112fa2-b6c7-ce6a-de50-feaf22c15154}\ (4 subtraces) (ID = 121244)
7:12 PM: HKLM\software\classes\clsid\{fa986cde-0fa2-33a9-ecfd-8291dfa81985}\ (4 subtraces) (ID = 121245)
7:12 PM: HKLM\software\classes\clsid\{fedb5c70-c8d3-5ce0-5433-3bfbf961af4b}\ (2 subtraces) (ID = 121283)
7:12 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{816a50db-569d-3bb1-e768-24983b6f81cb}\ (1 subtraces) (ID = 122744)
7:12 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dd3ad-b77d-3e4e-38a7-d343db29d4ab}\ (1 subtraces) (ID = 122745)
7:12 PM: Found Adware: cws_tiny0
7:12 PM: Found Trojan Horse: trojan-downloader-bqadsearch
7:12 PM: HKCR\clsid\{124cbac9-f676-9661-0905-3c16a52d7aeb}\ (4 subtraces) (ID = 144329)
7:12 PM: HKCR\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\ (4 subtraces) (ID = 144383)
7:12 PM: HKLM\software\classes\clsid\{124cbac9-f676-9661-0905-3c16a52d7aeb}\ (4 subtraces) (ID = 144395)
7:12 PM: HKLM\software\classes\clsid\{ef535cff-cb81-6cc3-a873-2f8c82aec371}\ (4 subtraces) (ID = 144432)
7:12 PM: Found Trojan Horse: trojan_downloader_tibser
7:12 PM: HKCR\clsid\{4ee6b1b9-e3c3-db03-16bb-541af46efca3}\ (4 subtraces) (ID = 145073)
7:12 PM: HKCR\clsid\{28f3e407-f254-5d75-c0d9-a8f22cc3eac5}\ (4 subtraces) (ID = 145076)
7:12 PM: HKCR\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}\ (4 subtraces) (ID = 145079)
7:12 PM: HKCR\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}\ (4 subtraces) (ID = 145084)
7:12 PM: HKLM\software\classes\clsid\{4ee6b1b9-e3c3-db03-16bb-541af46efca3}\ (4 subtraces) (ID = 145090)
7:12 PM: HKLM\software\classes\clsid\{28f3e407-f254-5d75-c0d9-a8f22cc3eac5}\ (4 subtraces) (ID = 145093)
7:12 PM: HKLM\software\classes\clsid\{375c6816-55d9-3eb5-0b65-51f231799585}\ (4 subtraces) (ID = 145096)
7:12 PM: HKLM\software\classes\clsid\{bd3b6d57-bb35-1cad-d1dc-ac5dd1b9d3de}\ (4 subtraces) (ID = 145101)
7:12 PM: Found Adware: tvmedia
7:12 PM: HKCR\clsid\{39036bd7-3708-ac69-49ca-78f80350cdf7}\ (4 subtraces) (ID = 145302)
7:12 PM: HKLM\software\classes\clsid\{39036bd7-3708-ac69-49ca-78f80350cdf7}\ (4 subtraces) (ID = 145306)
7:12 PM: Found Adware: winad
7:12 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\winadtoolsx.dll (ID = 147225)
7:12 PM: HKCR\clsid\{63ed29da-0aa4-8484-8768-ca30115061de}\ (2 subtraces) (ID = 753611)
7:12 PM: HKLM\software\classes\clsid\{63ed29da-0aa4-8484-8768-ca30115061de}\ (2 subtraces) (ID = 753668)
7:12 PM: Found Adware: winantispyware 2005
7:12 PM: HKLM\software\microsoft\windows\currentversion\run\ || ni.uwfx5_0001_lp1014 (ID = 912239)
7:12 PM: Found Adware: wildmedia
7:12 PM: HKU\WRSS_Profile_S-1-5-21-3403473811-645757453-568730901-1008\software\microsoft\internet explorer\main\ || updater (ID = 146721)
7:12 PM: Found Adware: drsnsrch hijacker
7:12 PM: HKU\WRSS_Profile_S-1-5-21-3403473811-645757453-568730901-1008\software\dsrch\ (4 subtraces) (ID = 509156)
7:12 PM: HKU\S-1-5-21-3403473811-645757453-568730901-1007\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
7:12 PM: HKU\S-1-5-21-3403473811-645757453-568730901-1007\software\dsrch\ (11 subtraces) (ID = 509156)
7:13 PM: Registry Sweep Complete, Elapsed Time:00:00:48
7:13 PM: Starting Cookie Sweep
7:13 PM: Found Spy Cookie: 888 cookie
7:13 PM: john s. batt@www.888[1].txt (ID = 2020)
7:13 PM: Found Spy Cookie: websponsors cookie
7:13 PM: elizabeth batt@a.websponsors[2].txt (ID = 3665)
7:13 PM: Found Spy Cookie: about cookie
7:13 PM: elizabeth batt@about[1].txt (ID = 2037)
7:13 PM: Found Spy Cookie: reunion cookie
7:13 PM: elizabeth batt@ad.reunion[1].txt (ID = 3256)
7:13 PM: Found Spy Cookie: adknowledge cookie
7:13 PM: elizabeth batt@adknowledge[2].txt (ID = 2072)
7:13 PM: Found Spy Cookie: adprofile cookie
7:13 PM: elizabeth batt@adprofile[1].txt (ID = 2084)
7:13 PM: Found Spy Cookie: alt cookie
7:13 PM: elizabeth batt@alt[1].txt (ID = 2217)
7:13 PM: Found Spy Cookie: ask cookie
7:13 PM: elizabeth batt@ask[2].txt (ID = 2245)
7:13 PM: Found Spy Cookie: atlas dmt cookie
7:13 PM: elizabeth batt@atdmt[1].txt (ID = 2253)
7:13 PM: Found Spy Cookie: a cookie
7:13 PM: elizabeth batt@a[1].txt (ID = 2027)
7:13 PM: Found Spy Cookie: bizrate cookie
7:13 PM: elizabeth batt@bizrate[2].txt (ID = 2308)
7:13 PM: Found Spy Cookie: webtrendslive cookie
7:13 PM: elizabeth batt@dcs8ir0f010000oyioyaka1kl_8j7n[2].txt (ID = 3673)
7:13 PM: Found Spy Cookie: webservicehosts cookie
7:13 PM: elizabeth batt@dr.webservicehosts[2].txt (ID = 3663)
7:13 PM: Found Spy Cookie: ic-live cookie
7:13 PM: elizabeth batt@ic-live[1].txt (ID = 2821)
7:13 PM: Found Spy Cookie: mediaplex cookie
7:13 PM: elizabeth batt@mediaplex[1].txt (ID = 6442)
7:13 PM: Found Spy Cookie: nextag cookie
7:13 PM: elizabeth batt@nextag[1].txt (ID = 5014)
7:13 PM: Found Spy Cookie: one-time-offer cookie
7:13 PM: elizabeth batt@one-time-offer[1].txt (ID = 3095)
7:13 PM: Found Spy Cookie: stamps.com cookie
7:13 PM: elizabeth batt@photo.stamps[1].txt (ID = 3438)
7:13 PM: elizabeth batt@reunion[2].txt (ID = 3255)
7:13 PM: Found Spy Cookie: pch cookie
7:13 PM: elizabeth batt@sb.pch[2].txt (ID = 3124)
7:13 PM: elizabeth batt@stamps[2].txt (ID = 3437)
7:13 PM: Found Spy Cookie: sexsearch cookie
7:13 PM: elizabeth batt@tour.splash.sexsearch[1].txt (ID = 3358)
7:13 PM: elizabeth batt@www.stamps[1].txt (ID = 3438)
7:13 PM: Found Spy Cookie: winantiviruspro cookie
7:13 PM: elizabeth batt@www.winantiviruspro[2].txt (ID = 3690)
7:13 PM: Found Spy Cookie: xmatch cookie
7:13 PM: elizabeth batt@xmatch[1].txt (ID = 3719)
7:13 PM: john batt@a[1].txt (ID = 2027)
7:13 PM: Found Spy Cookie: btgrab cookie
7:13 PM: john batt@btg.btgrab[2].txt (ID = 2333)
7:13 PM: Cookie Sweep Complete, Elapsed Time: 00:00:09
7:13 PM: Starting File Sweep
7:13 PM: Found Adware: adultlinks
7:13 PM: c:\documents and settings\elizabeth batt\application data\qcbar (32 subtraces) (ID = -2147481461)
7:41 PM: addit_cs.exe (ID = 88141)
7:53 PM: update11[1].xml (ID = 88019)
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: Warning: Unhandled Archive Type
7:53 PM: File Sweep Complete, Elapsed Time: 00:40:28
7:53 PM: Full Sweep has completed. Elapsed time 00:44:34
7:53 PM: Traces Found: 14407
7:56 PM: Removal process initiated
7:57 PM: Quarantining All Traces: cws_ns3
7:57 PM: Quarantining All Traces: cws-aboutblank
7:57 PM: Quarantining All Traces: wildmedia
7:57 PM: Quarantining All Traces: adultlinks
7:57 PM: Quarantining All Traces: agent.ay downloader
7:57 PM: Quarantining All Traces: coolwebsearch (cws)
7:57 PM: Quarantining All Traces: cws_tiny0
7:57 PM: Quarantining All Traces: trojan_downloader_tibser
7:57 PM: Quarantining All Traces: trojan-downloader-bqadsearch
7:57 PM: Quarantining All Traces: winad
7:57 PM: Quarantining All Traces: cws_hotoffers_desktophijacker
7:57 PM: Quarantining All Traces: drsnsrch hijacker
7:57 PM: Quarantining All Traces: tvmedia
7:57 PM: Quarantining All Traces: 888 cookie
7:57 PM: Quarantining All Traces: a cookie
7:57 PM: Quarantining All Traces: about cookie
7:57 PM: Quarantining All Traces: adknowledge cookie
7:57 P

#8 ddp

Posted 23 June 2006 - 10:27 PM

Second HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:12:40 PM, on 6/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe
O4 - HKLM\..\Run: [jgplnca] C:\WINDOWS\system32\rhpyjmx.exe r
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [appwo.exe] C:\WINDOWS\appwo.exe
O4 - HKLM\..\Run: [ntaa.exe] C:\WINDOWS\system32\ntaa.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Thanks again for all of your help, I appreciate it greatly.

#9 MFDnSC


Posted 24 June 2006 - 08:57 AM

You may want to print this or save it to notepad as we will go to safe mode.


Download http://www.intermute.com/spysubtract/cwshr...r_download.html
Close all browser windows, unzip the file, click on the cwshredder.exe then click "Fix"

Fix these with HJT – mark them, close IE, click fix checked

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)


O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe

O4 - HKLM\..\Run: [jgplnca] C:\WINDOWS\system32\rhpyjmx.exe r

O4 - HKLM\..\Run: [appwo.exe] C:\WINDOWS\appwo.exe

O4 - HKLM\..\Run: [ntaa.exe] C:\WINDOWS\system32\ntaa.exe

O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll

Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\Ab2k
C:\WINDOWS\sdket32.exe
C:\WINDOWS\system32\rhpyjmx.exe
C:\WINDOWS\appwo.exe
C:\WINDOWS\system32\ntaa.exe

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
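A fix list like the one in the post above can be checked against the follow-up HijackThis log mechanically. The sketch below is an added example, not part of the original post or of HijackThis itself; the function names are hypothetical, and the two inputs are a shortened, constructed pair assembled from log lines that appear in this thread. Entries are matched by CLSID (or by Run value name) rather than by full text, so an item whose description changes between scans is still recognised as the same item.

```python
import re
from dataclasses import dataclass

# One HijackThis finding per line: "<section> - <description>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*\S)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\]")
MISSING_RE = re.compile(r"\((?:no file|file missing)\)$")


@dataclass(frozen=True)
class Entry:
    section: str   # e.g. "O2", "O4", "O18"
    body: str      # text after "<section> - "
    key: tuple     # identity used to match the same item across scans
    missing: bool  # HijackThis reported no backing file on disk


def parse_line(line):
    """Return an Entry for a finding line, or None for headers and process paths."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m["section"], m["body"]
    clsid = CLSID_RE.search(body)
    run = RUN_RE.match(body) if section == "O4" else None
    if clsid:
        key = (section, clsid.group(0).upper())
    elif run:
        key = (section, run["hive"], run["key"].lower(), run["name"].lower())
    else:
        key = (section, " ".join(body.lower().split()))
    return Entry(section, body, key, bool(MISSING_RE.search(body)))


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def check_fix(fix_text, followup_text):
    """Split the fix list into items still present in the follow-up log and items gone."""
    after = {e.key: e for e in parse_log(followup_text)}
    persisted, cleared = [], []
    for item in parse_log(fix_text):
        hit = after.get(item.key)
        (persisted if hit else cleared).append((item, hit))
    return persisted, cleared


# Constructed sample: a few lines taken from the fix list in this thread.
FIX_LIST = r"""
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: Class - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - C:\WINDOWS\system32\javall.dll (file missing)
O4 - HKLM\..\Run: [sdket32.exe] C:\WINDOWS\sdket32.exe
O18 - Protocol: ab2k - {01004100-0000-0000-B4F2-00207810F9A4} - C:\Program Files\Ab2k\AB2KCD.dll
"""

# Constructed sample: a shortened follow-up log built from lines in this thread.
# Absence here only means "absent from this excerpt".
FOLLOWUP = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    persisted, cleared = check_fix(FIX_LIST, FOLLOWUP)
    for before, now in persisted:
        note = " (description changed)" if before.body != now.body else ""
        print(f"STILL PRESENT {before.section} {before.key[1]}{note}")
    for before, _ in cleared:
        print(f"gone          {before.section} {before.body}")
```

A plain text diff of the two logs would report the `{4AA3BB56-...}` entry as removed and a new one as added; matching on the CLSID shows it is the same registry item coming back with a different description.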

#10 ddp


Posted 24 June 2006 - 02:56 PM

Downloaded CWShredder
Checked For Update
Fix
Scan is complete! CoolWebSearch was not found on this system.

HJT Run
All items indicated checked and then Fix chosen

The following said they were fixed, but when I re-booted and re-ran HJT, these were still there:
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)

The others checked are now gone.

Downloaded KillBox and launched as indicated

Only one item was found and then deleted:
C:\Program Files\Ab2k

All others stated that they didn't exist.

All temp files deleted, recycle bin emptied

Re-booted

Here is the new HJT file:
Logfile of HijackThis v1.99.1
Scan saved at 1:30:05 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Common Files\ISPCOMP\InstallService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\RamBooster 2.0\Rambooster.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - (no file)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


The internet options on this machine have a mind of their own.
The home page changes and the Symantec Home Page Assistance indicates that my home page is being reset.
This system is sluggish and slow.

Your help is appreciated--thank you.

Next steps? Regards, ddp

#11 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 24 June 2006 - 03:40 PM

Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· Run the application
· Click on scanner
· Click Complete System Scan and the scan will begin.
· When the scan is finished, set all items to delete
· Apply all actions
· Look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log


Now that some other problems are gone, try fixing those BHOs again. Make sure IE is closed when you hit Fix checked.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#12 ddp

ddp
  • Topic Starter


Posted 24 June 2006 - 06:59 PM

Many thanks...

Ewido installed and run. Here is the log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:00:41 PM 6/24/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{364A9AC1-833E-64D6-405B-D34483F166CF} -> Adware.CoolWebSearch : No action taken.


::Report end

Here is the new HJT log as well:

Logfile of HijackThis v1.99.1
Scan saved at 4:46:46 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - (no file)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

I tried fixing the BHOs again and alas, they are still reappearing.

Further instructions would be appreciated. Thank you

#13 MFDnSC

MFDnSC

    Ret. Director I/T



Posted 24 June 2006 - 07:27 PM

Download About:Buster from:
http://www.majorgeeks.com/AboutBuster_d4289.html
Double-click aboutbuster.exe, click begin removal, click yes to shut down IE, click Start, then click OK.


Run CWS again
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#14 ddp

ddp
  • Topic Starter


Posted 24 June 2006 - 08:21 PM

Thanks again for your help and patience.

About:Buster downloaded and run in safe mode.
CWShredder run again--still no results found.

Here is the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 7:05:49 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\about.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {006037F9-A004-367C-C7FB-9C0C131CA3DF} - (no file)
O2 - BHO: (no name) - {058680EF-4C0E-9D88-7204-989DB27DFD59} - (no file)
O2 - BHO: (no name) - {05B54EEA-CBAB-75C1-8A21-34789E39A7D5} - (no file)
O2 - BHO: (no name) - {06763DFB-EDE3-B1F2-ED09-5338D4A42571} - (no file)
O2 - BHO: (no name) - {0A0F8C71-36CE-130B-878E-A78A3C5F0E0A} - (no file)
O2 - BHO: (no name) - {0B293675-7DCE-9D9C-75F1-9FEC0A94DA73} - (no file)
O2 - BHO: (no name) - {0D6728F2-57FB-E3A0-FF7A-3973C57C0DC9} - (no file)
O2 - BHO: (no name) - {0DCB855C-7AF4-46FC-F0C0-27DCB8195678} - (no file)
O2 - BHO: (no name) - {128A81C9-9371-F285-C8ED-515C166A3DDF} - (no file)
O2 - BHO: (no name) - {12FEFF17-907F-D9D8-2F06-FEC8F3C36A99} - (no file)
O2 - BHO: (no name) - {17151197-586C-9ECF-1CC7-EAEDA430EFC7} - (no file)
O2 - BHO: (no name) - {172A767E-22AD-09EE-8C96-720970A7FA45} - (no file)
O2 - BHO: (no name) - {18BD55B6-E846-D825-4FA5-C4630E5EC6D9} - (no file)
O2 - BHO: (no name) - {1A73479F-2785-CF6C-EAB8-9261C8D3F612} - (no file)
O2 - BHO: (no name) - {1B089598-D84A-52ED-41C8-E16C5EC6B1F2} - (no file)
O2 - BHO: (no name) - {1C38F764-5211-C094-13C0-3AE414DC1B2A} - (no file)
O2 - BHO: (no name) - {1D0FEDCF-A698-FC6B-507B-7B53707E0A26} - (no file)
O2 - BHO: (no name) - {202AB9A5-E207-A755-726D-C66D76015501} - (no file)
O2 - BHO: (no name) - {202DAC62-070A-52D5-F993-6D64D764A5EA} - (no file)
O2 - BHO: (no name) - {20881ADC-7FCB-1C96-735F-EB9B62875CFC} - (no file)
O2 - BHO: (no name) - {233DFCAA-8612-276F-F990-E92E38DE0AC7} - (no file)
O2 - BHO: (no name) - {239909EF-A930-14A8-86CB-3552F80A8F71} - (no file)
O2 - BHO: (no name) - {24BE1459-795A-5BA6-B9B1-DC1A2D1652EF} - (no file)
O2 - BHO: (no name) - {28FF0DAA-6EDD-259A-83C4-EADDF15D72AD} - (no file)
O2 - BHO: (no name) - {29F05C23-1038-4D85-E86B-F5FFD52FD634} - (no file)
O2 - BHO: (no name) - {338ADA45-032E-0500-44D8-9A67C6B26F84} - (no file)
O2 - BHO: (no name) - {35B3E72A-B6CB-82E0-FCAB-935DEAAF49CD} - (no file)
O2 - BHO: (no name) - {369A63AB-22E5-CEAD-69B4-F3234AC621E8} - (no file)
O2 - BHO: (no name) - {372F8931-D513-1387-33C0-8D1E94346E23} - (no file)
O2 - BHO: (no name) - {3A175AA1-C661-1142-D773-47AE66A178FA} - (no file)
O2 - BHO: (no name) - {3AF61C43-088F-A3C6-4312-3AB906276F3A} - (no file)
O2 - BHO: (no name) - {3BA6EFD5-AEA8-9497-CE35-458F6CDEEA4A} - (no file)
O2 - BHO: (no name) - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - (no file)
O2 - BHO: (no name) - {43516FBF-3691-C70D-A53A-EDABD8F17435} - (no file)
O2 - BHO: (no name) - {46F6B9DE-ADD7-1BA7-6004-DD50BAA263AD} - (no file)
O2 - BHO: (no name) - {48824338-44C0-7912-89AA-850C0E0875C0} - (no file)
O2 - BHO: (no name) - {4AA3BB56-37CA-AC96-1BCE-57B02E6C007B} - (no file)
O2 - BHO: (no name) - {4E381D5B-92CC-AF4B-FF45-F7032B036461} - (no file)
O2 - BHO: (no name) - {538ECC2F-29D9-9161-D485-51734843D8C5} - (no file)
O2 - BHO: (no name) - {55E7FCAD-77C1-35FF-8206-D7405C6CDFAB} - (no file)
O2 - BHO: (no name) - {57FF3DF5-1455-4BEF-D766-0E2FF7882347} - (no file)
O2 - BHO: (no name) - {5AB9366F-C6A7-C20A-7DD8-57E2B35C0934} - (no file)
O2 - BHO: (no name) - {5C08210D-7F1B-7570-3DFD-9D61E8993802} - (no file)
O2 - BHO: (no name) - {5DAA3B7C-6DEC-B6D5-9597-81AFF0B315AA} - (no file)
O2 - BHO: (no name) - {5FFCA022-FA50-3120-C21F-E6C00C517716} - (no file)
O2 - BHO: (no name) - {6259AAB6-979D-83C5-B2DB-ABC95EA1C8B2} - (no file)
O2 - BHO: (no name) - {62AD4EF2-C738-EB7A-35B8-F6BCD27B9F70} - (no file)
O2 - BHO: (no name) - {63FF24F4-3A79-8B02-6E12-81C9BAAFF3A0} - (no file)
O2 - BHO: (no name) - {65424A8F-4E15-3395-EB24-27E676B5BB58} - (no file)
O2 - BHO: (no name) - {6728F0D9-78EF-A265-D7BD-034EEB9FEA0B} - (no file)
O2 - BHO: (no name) - {67A010F1-25BF-4EAD-A31C-3E5DD32D913A} - (no file)
O2 - BHO: (no name) - {6813A243-6455-01F2-5ABA-4D5390F9C114} - (no file)
O2 - BHO: (no name) - {6A46F6C4-6BA6-BB1F-242A-77FF5088C696} - (no file)
O2 - BHO: (no name) - {6B2B1D4A-827F-5433-DF52-88CA090883DD} - (no file)
O2 - BHO: (no name) - {6C924832-BFE0-5FFA-789B-ABE3BCB3F18B} - (no file)
O2 - BHO: (no name) - {6C9AE9E1-D36B-85B4-1F25-941CA52D764A} - (no file)
O2 - BHO: (no name) - {6E9F8B9C-0374-0684-98A2-0FF5E5939B54} - (no file)
O2 - BHO: (no name) - {73A30E12-BF8F-41BB-916F-3B8603733986} - (no file)
O2 - BHO: (no name) - {795BB343-30B6-2B4F-FA68-F174D498229E} - (no file)
O2 - BHO: (no name) - {7B347C16-D731-5094-06EB-897A95C75C75} - (no file)
O2 - BHO: (no name) - {8044BFB2-40EC-C70A-C711-736B0EE1248F} - (no file)
O2 - BHO: (no name) - {816A50DB-569D-3BB1-E768-24983B6F81CB} - (no file)
O2 - BHO: (no name) - {827DD3AD-B77D-3E4E-38A7-D343DB29D4AB} - (no file)
O2 - BHO: (no name) - {843E6799-12EC-F461-F600-5419559381EC} - (no file)
O2 - BHO: (no name) - {844A3959-72B4-D52C-3764-396BA8F199A5} - (no file)
O2 - BHO: (no name) - {869A35BA-35D8-B014-00C5-D0FA6D89F1C6} - (no file)
O2 - BHO: (no name) - {87BA8C33-B881-C0DA-F0B1-B08EE50CDD55} - (no file)
O2 - BHO: (no name) - {88C6205F-2630-39C2-A423-8DF6C5DBE0B8} - (no file)
O2 - BHO: (no name) - {8A0B6039-9C48-66D5-8BFB-9F32F71C1612} - (no file)
O2 - BHO: (no name) - {8D8816A5-8F3C-8F53-F774-122B510AAF1A} - (no file)
O2 - BHO: (no name) - {904F81D7-97E6-851A-D847-4FBDB4C8BA44} - (no file)
O2 - BHO: (no name) - {905E9880-1145-1A4A-DCBB-499FB8DBD544} - (no file)
O2 - BHO: (no name) - {91EF62AC-1515-4102-869D-7CF17FBD48DC} - (no file)
O2 - BHO: (no name) - {92D83A26-147B-6F87-83E4-B271371785C1} - (no file)
O2 - BHO: (no name) - {92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} - (no file)
O2 - BHO: (no name) - {93A76267-BBF8-F259-1DFD-288F62ABB57A} - (no file)
O2 - BHO: (no name) - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - (no file)
O2 - BHO: (no name) - {95ABB26D-0589-E8EC-C50A-38E6173427BB} - (no file)
O2 - BHO: (no name) - {97DAA3DE-A992-3146-9C21-5C71F1A38D2F} - (no file)
O2 - BHO: (no name) - {9C14570E-C711-B563-668F-D61F758B8DC8} - (no file)
O2 - BHO: (no name) - {9C1B2B2A-8963-C92B-AF30-4849E4570A9A} - (no file)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A00A88C7-A514-E182-91E9-99A99BF6A8ED} - (no file)
O2 - BHO: (no name) - {A010DBE2-CC3D-9634-88DD-0AC37058D49B} - (no file)
O2 - BHO: (no name) - {A1964848-A676-8EE9-B32C-A6ED9A744A5D} - (no file)
O2 - BHO: (no name) - {A4318BE1-E66F-7DB1-18C4-93375E85F230} - (no file)
O2 - BHO: (no name) - {A4ABF050-EDD0-852F-9DD7-BB315E8F9B10} - (no file)
O2 - BHO: (no name) - {A5B63DB0-4FD1-B093-44A8-88BE2BEF4E51} - (no file)
O2 - BHO: (no name) - {A7595DD0-954D-787A-73FC-769C95DF9F01} - (no file)
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {AB77F30E-CC3F-1EA0-E66E-6D532CEBCD73} - (no file)
O2 - BHO: (no name) - {B350B320-1213-0178-102C-597DCA0FED05} - (no file)
O2 - BHO: (no name) - {B4B127D9-941C-DF50-6E09-19E9881B830A} - (no file)
O2 - BHO: (no name) - {BB872B4B-124D-4ED9-CC72-C74EE5D773B1} - (no file)
O2 - BHO: (no name) - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - (no file)
O2 - BHO: (no name) - {C46EE6A8-1C15-E426-E079-3B788A30CE86} - (no file)
O2 - BHO: (no name) - {C5E8C587-C8CE-B9E4-A46D-4A964ACA52C8} - (no file)
O2 - BHO: (no name) - {C6819314-0DB4-9E5D-89AB-47AE654BCAD9} - (no file)
O2 - BHO: (no name) - {CEEC69B5-0380-F78A-088D-A205E618F50B} - (no file)
O2 - BHO: (no name) - {DB020AF9-841B-9034-C5AE-896313657679} - (no file)
O2 - BHO: (no name) - {DE5181D0-D4B3-30B2-F78B-396EEB9DB32D} - (no file)
O2 - BHO: (no name) - {DF3BE5CE-D281-B797-4E38-0CF845455DD4} - (no file)
O2 - BHO: (no name) - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - (no file)
O2 - BHO: (no name) - {E67AAEA4-63EA-88A3-538E-D852FAE59639} - (no file)
O2 - BHO: (no name) - {E6F23682-174F-AF3C-0738-3DEF6F7B9091} - (no file)
O2 - BHO: (no name) - {E7CC13A0-C17A-E73C-C5F4-4063F1965717} - (no file)
O2 - BHO: (no name) - {E8C9ADD5-CA09-D0FC-4AA0-02602550DB38} - (no file)
O2 - BHO: (no name) - {EC6769E7-72FF-CFC6-4623-8D56AA16A3B9} - (no file)
O2 - BHO: (no name) - {F0FEAC69-B908-0A98-E707-86A79716D60E} - (no file)
O2 - BHO: (no name) - {F252B597-9791-2380-904F-55CD7338EA24} - (no file)
O2 - BHO: (no name) - {F3E402C1-7CDD-A508-5E40-1F3CA6FC89B1} - (no file)
O2 - BHO: (no name) - {F4B4FBD7-AC73-6514-57E2-B85681F800B5} - (no file)
O2 - BHO: (no name) - {F4CB7C39-0C3C-C715-7E2F-0A007AC6D839} - (no file)
O2 - BHO: (no name) - {F69AA0DB-F421-F1A5-FE7E-80CCFBC0B008} - (no file)
O2 - BHO: (no name) - {F741EAF7-6D33-0ABE-BCF4-5C3371DBD34A} - (no file)
O2 - BHO: (no name) - {F9DA97FE-F0E5-E090-AD3F-ADF726067B86} - (no file)
O2 - BHO: (no name) - {FA30FBE1-2D6A-60CB-19A0-CC0872CC2F67} - (no file)
O2 - BHO: (no name) - {FC979FB4-4338-6B9C-818A-B1BB3202A5E7} - (no file)
O2 - BHO: (no name) - {FDD2AC6A-B7E4-6D04-F3CF-9A9B7D9CE11A} - (no file)
O2 - BHO: (no name) - {FEE368F6-CDED-E405-5743-6CA2066D78A7} - (no file)
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [Netscape] C:\Program Files\Common Files\ISPCOMP\InstallService.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RamBooster] C:\Program Files\RamBooster 2.0\Rambooster.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/as...rl/LSSupCtl.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1144546731609
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} (Symantec Download Bridge) - https://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe (file missing)
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: SmartFinder Uninstall (SmartFinder_Uninstall) - Unknown owner - C:\Documents and Settings\Elizabeth Batt\Desktop\SFUninstaller.exe" service (file missing)
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Again, the 'BHO No Name' files are still coming back.

Thank you for your help--any further instructions?

#15 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts
  • OFFLINE
  • Local time:04:17 PM

Posted 24 June 2006 - 08:34 PM

Run http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished, save the results from the scan!

Post a new HijackThis log along with the results from the Kaspersky scan.
Post the log from normal mode, not safe mode.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP



