ey..help..(RESOLVED)

  1. #1
    dassr (Newbie)

    Help.. recently every time I open My Documents or My Computer or similar desktop windows, I get stuck. It keeps happening and I'm not sure how to fix it. The computer was fine before, but a few days ago I received a CD from a friend with MP3 files. I uploaded these files to my computer, and apparently when I uploaded the songs a worm was transferred too: W32.Alcra.B. I found out when I scanned, so I got rid of the worm, but now I keep having a problem when I open My Documents, My Computer and the like: it always gets stuck after a few seconds. I'm not sure what to do now. Please help. Here's the hijack log:

    Logfile of HijackThis v1.99.1
    Scan saved at 2:51:53 PM, on 9/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\DAP\DAP.EXE
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\LOBO\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm409YYAE
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MARLYN\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/down...BAuthentic.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143872505343
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


  2. #2
    Neal (Dedicated Member)
    Welcome,


    It looks like you still have some leftovers from the alcan worm.



    Download ewido anti-spyware from HERE and save that file to your desktop.
    This is a 30 day trial of the program
    1. Once you have downloaded Ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    2. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'. Right click on ewido in the system tray and uncheck "Start with Windows".
    3. Go to Start > Run and type: services.msc
    4. Press "OK".
    5. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
    6. When you find the guard service, double-click on it.
    7. In the Properties Window > General Tab that opens, click the "Stop" button.
    8. From the drop-down menu next to "Startup Type", click on "Manual".
    9. Now click "Apply", then "OK" and close the Services window.
    10. Once the setup is complete you will need to run ewido and update the definition files.
    11. On the main screen select the icon "Update" then select the "Update now" link.
    12. Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
      If you are having problems with the updater, manually update with the Ewido Full database installer from here.
    13. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    14. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    15. Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
    Close ewido anti-spyware. Do NOT run a scan yet.
    Click My Computer, then C:\
    In the menu bar, File->New->Folder.
    That will create a folder named New Folder, which you can rename to "BFU"

    Please download Brute Force Uninstaller to your desktop.
    • Right click the BFU folder on your desktop, and choose Extract All
    • Click "Next"
    • In the box to choose where to extract the files to,
    • Click "Browse"
    • Click on the + sign next to "My Computer"
    • Click on "Local Disk (C:)" or whatever your primary drive is
    • Click "Make New Folder"
    • Type in BFU
    • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
    3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
    Save it in the same folder you made earlier (c:\BFU).

    Do not run the Uninstaller and the Remover yet.

    Please reboot into Safemode:
    Turn on the computer.
    Immediately begin tapping the F8 key.
    Use the arrow keys to highlight Safe Mode and press the Enter key.
    • Launch ewido anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • ewido will now begin the scanning process, be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system. Make sure to remember where you save that file.
    Now close ewido anti-spyware.

    Open My Computer and navigate to the c:\BFU folder. Start the Brute Force Uninstaller by double-clicking BFU.exe

    Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu

    Press execute and let it do its job.

    Wait for the complete script execution box to pop up and press OK.
    Press exit to terminate the BFU program.


    Reboot into normal mode and post a new HijackThis log. Thanks.

  3. #3
    dassr (Newbie)
    k... I followed your instructions.. here is the new hijack log

    Logfile of HijackThis v1.99.1
    Scan saved at 10:54:38 PM, on 9/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\LOBO\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.friendster.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: PowerReg Scheduler V3.exe
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm409YYAE
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MARLYN\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/down...BAuthentic.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143872505343
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  4. #4
    Neal (Dedicated Member)
    Hi,


    That looks better.

    Next step:



    To clean your temp folder, recycle bin, etc..please download this free tool:

    CCleaner

    Don't install any Toolbars, or other programs, should it ask you! Just uncheck the option of installing the Yahoo toolbar.
    It will put a shortcut on your Desktop.

    Before first use:
    Select Options then Advanced.
    UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Click on CCleaner to start it. Then click "Run Cleaner", just use the windows tab up front by default.


    Then Reboot (Exit)


    Then...



    Go here BitDefender and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

    When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All then copy/paste that log back here. Post back and let us know what it found (post the log).

    And post a new HJT log also..


    How is your computer behaving now?
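
Added example (not part of any post in this thread, and not HijackThis's own code): a small parser that compares two HijackThis logs entry by entry, run on lines excerpted from the first and second logs above. The function names and the way entries are keyed (registry location plus value name for O4, service name plus vendor for O23) are assumptions of this sketch.

```python
import re

# Lines excerpted from the first (9/26/2006) and second (9/27/2006)
# HijackThis logs posted in this thread; all other lines are omitted.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Startup: PowerReg Scheduler V3.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Every finding line starts with a section code such as "R1", "O4" or "O23".
# Header lines and the running-process list do not match and are skipped.
FINDING = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<rest>.+)$")
# O4 registry autoruns look like: HKLM\..\Run: [ValueName] command line
O4_REGISTRY = re.compile(r"^(?P<loc>\S+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")


def parse_log(text):
    """Return {(section, key): value} for every finding line in a log."""
    entries = {}
    for raw in text.splitlines():
        m = FINDING.match(raw.strip())
        if not m:
            continue
        sec, rest = m["sec"], m["rest"]
        key, value = rest, ""  # default: the whole line identifies the entry
        if sec == "O4":
            r = O4_REGISTRY.match(rest)
            if r:  # Startup-folder items have no [name] and keep the default
                key, value = f"{r['loc']} [{r['name']}]", r["cmd"]
        elif sec == "O23":
            # "Service: <name> - <vendor> - <path>": the path follows the last " - "
            name, _, path = rest.removeprefix("Service: ").rpartition(" - ")
            key, value = name, path
        entries[(sec, key)] = value
    return entries


def diff_logs(before, after):
    """Classify entries as removed, added, or changed between two scans."""
    b, a = parse_log(before), parse_log(after)
    return {
        "removed": sorted(k for k in b if k not in a),
        "added": sorted(k for k in a if k not in b),
        # Same identity, different target: worth a second look after a cleanup.
        "changed": sorted((k, b[k], a[k]) for k in b if k in a and b[k] != a[k]),
    }


if __name__ == "__main__":
    result = diff_logs(LOG_BEFORE, LOG_AFTER)
    for kind in ("removed", "added"):
        for sec, key in result[kind]:
            print(f"{kind:8} {sec:4} {key}")
    for (sec, key), old, new in result["changed"]:
        print(f"changed  {sec:4} {key}\n         was: {old}\n         now: {new}")
```

On these excerpts the two `p2pnetworking` autorun values are reported as removed, the ewido guard service as added, and the Yahoo! Pager value as changed from a short 8.3 path to a long path.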

  5. #5
    dassr (Newbie)
    Sorry, I went on holiday... here, I did as you said.

    Logfile of HijackThis v1.99.1
    Scan saved at 9:33:57 PM, on 10/8/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    c:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
    C:\Documents and Settings\LOBO\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [StarSkin] C:\PROGRAM FILES\ROCKET DIVISION SOFTWARE\STARSKIN\STARSKIN.EXE -H
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ChikkaDefault] C:\Program Files\Chikka V4\\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm409YYAE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MARLYN\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/down...BAuthentic.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/noc...up1.0.0.15.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143872505343
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe





    BitDefender Online Scanner

    Scan report generated at: Sun, Oct 08, 2006 - 21:28:14

    Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;

    Statistics
    Time: 01:52:27
    Files: 544276
    Folders: 6490
    Boot Sectors: 4
    Archives: 8442
    Packed Files: 56152

    Results
    Identified Viruses: 10
    Infected Files: 14
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 25

    Engines Info
    Virus Definitions: 474418
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 38
    Unpack plugins: 6
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes




    Scanned File
    Status

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\078043AA.exe=>(Quarantine-2)
    Infected with: Win32.Vb.AN@mm

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\078043AA.exe=>(Quarantine-2)
    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\078043AA.exe=>(Quarantine-2)
    Deleted

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07836DA7.exe=>(Quarantine-2)
    Infected with: Win32.Vb.AN@mm

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07836DA7.exe=>(Quarantine-2)
    Disinfection failed

    C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\07836DA7.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP69\A0033622.exe
    Infected with: Trojan.Funweb.B

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP69\A0033622.exe
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP69\A0033622.exe
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP71\A0034750.exe
    Infected with: Trojan.Funweb.B

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP71\A0034750.exe
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP71\A0034750.exe
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039984.exe=>(Quarantine-2)
    Infected with: Win32.Worm.Mybot.EY

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039984.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039984.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039985.exe=>(Quarantine-2)
    Infected with: Win32.Worm.Mybot.EY

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039985.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039985.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039986.exe=>(Quarantine-2)
    Infected with: Backdoor.1053.A

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039986.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP91\A0039986.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041096.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.IstBar.PD

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041096.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041096.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041099.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.Istbar.MX

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041099.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041099.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041102.dll=>(Quarantine-2)
    Infected with: Generic.Istbar.B11D1FA7

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041102.dll=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041102.dll=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041104.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.IstBar.OL

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041104.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041104.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041105.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.IstBar.RB

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041105.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041105.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041106.exe=>(Quarantine-2)
    Infected with: Trojan.Downloader.IstBar.RB

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041106.exe=>(Quarantine-2)
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP96\A0041106.exe=>(Quarantine-2)
    Deleted

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP99\A0042015.exe
    Infected with: Backdoor.Virkel.A

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP99\A0042015.exe
    Disinfection failed

    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP99\A0042015.exe
    Deleted

  6. #6
    Neal is offline Dedicated Member
    Looking much better. Any better?



    Open Hijackthis.

    Click the "Open the Misc Tools" section Button.

    Click the "Open Uninstall Manager" Button.

    Click the "Save list..." Button.

    Save it to your desktop. Copy and paste the contents into your reply.


    And a new HijackThis log.

  7. #7
    dassr is offline Newbie
    em..its gettn stuck up much less..much once in a while it gets stuck up again..here...


    Acer eConsole
    Acer eMode Management
    Adobe Flash Player 9 ActiveX
    Adobe Photoshop 7.0
    Adobe Reader 7.0
    Adobe Shockwave Player
    Agere Systems PCI Soft Modem
    ATI Display Driver
    CC_ccProxyExt
    ccCommon
    CCleaner (remove only)
    ccPxyCore
    DivX
    DivX Converter
    DivX Player
    DivX Web Player
    Download Accelerator Plus (DAP)
    Encarta Encyclopedia 99
    Encyclopaedia Britannica 2005 Ready Reference CD
    EuroTalk Talk Now Multi-Language
    GdiplusUpgrade
    Google Earth
    Haali Media Splitter
    Harry Potter TM
    HijackThis 1.99.1
    HP Image Zone 3.5
    HP PSC & OfficeJet 3.5
    HP Software Update
    Image Resizer Powertoy for Windows XP
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 6
    LimeWire 4.12.6
    LiveUpdate 3.0 (Symantec Corporation)
    Max Data Recovery 1.65
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office 2000 Disc 2
    Microsoft Office 2000 Professional
    Microsoft Office FrontPage 2003
    mIRC
    MSN
    MSN Music Assistant
    MSRedist
    Nero 6 Ultra Edition
    Nokia Connectivity Cable Driver
    Nokia PC Suite
    Norton AntiSpam
    Norton AntiSpam
    Norton AntiVirus 2006
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security
    Norton Internet Security 2006 (Symantec Corporation)
    Norton Protection Center
    Norton WMI Update
    Norton WMI Update
    NTI Backup NOW! 4
    NTI CD & DVD-Maker
    NTI HomeVideo-Maker
    overland
    PowerDVD
    Ragnarok Extreme
    Ragnarok Sakray
    Real Alternative 1.50
    Realtek High Definition Audio Driver
    RollerCoaster Tycoon Deluxe
    SPBBC
    The Sims House Party
    The Sims Livin' Large
    USB Camera IC300
    VideoLAN VLC media player 0.8.5
    WinAce Archiver
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Media Format Runtime
    Windows Media Player 10
    WinXMedia AVI/WMV 3GP Converter 2.0
    WinZip
    Yahoo! Browser Services
    Yahoo! Install Manager
    Yahoo! Internet Mail
    Yahoo! Messenger
    Yahoo! Toolbar

  8. #8
    Neal is offline Dedicated Member
    From the add/remove program, if DAP is the free version I suggest you uninstall that plus Limewire.


    Reboot if uninstalled



    Download, install and scan with the 15-day free trial of Sunbelt CounterSpy.
    CounterSpy User Guide.
    1. When Counterspy completes its scan, the "Scan Results" box will appear.
    2. Click on "View Results".
    3. Under (Recommended Action), using the drop down menu arrows at the side of each entry found, set EVERYTHING to "Remove".
    4. Click on "Take Action".
    5. Once everything has been removed, click on "View Details".
    6. Copy and Paste the details into a text document and save it to your desktop.
    7. Exit Counterspy and post the results in your next reply.


    Plus a new hijackthis log. Thanks.

  9. #9
    dassr is offline Newbie
    ...i kinda made a mistake ..the first time i scanned i forgot to remove all..sme were ignored so i did the scan twice..

    heres the 1st one:

    Spyware Scan Details
    Start Date: 10/11/2006 6:20:18 PM
    End Date: 10/11/2006 7:01:14 PM
    Total Time: 40 mins 56 secs

    Detected spyware

    PowerReg Scheduler Spyware more information...
    Details: Registration system used by some legitimate software programs.
    Status: Quarantined

    Infected files detected
    C:\Documents and Settings\LOBO\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe


    MyWebSearch Toolbar Potentially Unwanted Software more information...
    Details: WebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
    Status: Ignored

    Infected files detected
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033239.dll
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033240.scr
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033243.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033247.SCR
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033248.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033249.EXE
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033252.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033257.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040642.dll
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040644.scr
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040648.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040653.SCR
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040655.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040656.EXE
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040659.DLL
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040664.DLL

    Infected registry entries detected
    HKEY_CURRENT_USER\SOFTWARE\MyWebSearch\bar
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}
    HKEY_CLASSES_ROOT\CLSID\{A4730EBE-43A6-443e-9776-36915D323AD3}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar HistoryDir C:\Program Files\MyWebSearch\bar\History\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar CacheDir C:\Program Files\MyWebSearch\bar\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar SettingsDir C:\Program Files\MyWebSearch\bar\Settings\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyWebSearch\bar Dir C:\Program Files\MyWebSearch\bar\
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search http://edits.mywebsearch.com/toolbar...p=ZCxdm409YYAE
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Search Contexts
    HKEY_CURRENT_USER\Software\MyWebSearch
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}\TreatAs {63D0ED2C-B45B-4458-8B3B-60C69BBBD83C}
    HKEY_CLASSES_ROOT\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239}
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32 {00020420-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib {29D67D3C-509A-4544-903F-C8C1B8236554}
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib Version 1.0
    HKEY_CLASSES_ROOT\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC} IMonitorEvents
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib {E47CAEE0-DEEA-464A-9326-3F2801535A4D}
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib Version 1.0
    HKEY_CLASSES_ROOT\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF} IF3PopupMenu
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\DownloadInformation INF C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf


    BearShare P2P more information...
    Details: BearShare is a file sharing network. The free version installs a number of known spyware and adware programs.
    Status: Ignored

    Infected registry entries detected
    HKEY_CLASSES_ROOT\gnufile
    HKEY_CLASSES_ROOT\gnufile\shell\open\command blank
    HKEY_CLASSES_ROOT\gnufile gnutella
    HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
    HKEY_CLASSES_ROOT\gnufile EditFlags 65536
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
    HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
    HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
    HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
    HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
    HKEY_LOCAL_MACHINE\software\bearshare
    HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Program Files\BearShare
    HKEY_LOCAL_MACHINE\software\classes\gnufile
    HKEY_LOCAL_MACHINE\software\classes\gnufile\shell\open\command blank
    HKEY_LOCAL_MACHINE\software\classes\gnufile gnutella
    HKEY_LOCAL_MACHINE\software\classes\gnufile BrowserFlags 8
    HKEY_LOCAL_MACHINE\software\classes\gnufile EditFlags 65536
    HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
    HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
    HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
    HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
    HKEY_LOCAL_MACHINE\software\classes\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
    HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
    HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
    HKEY_USERS\.default\appevents\schemes\apps\bearshare
    HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Program Files\BearShare\sounds\notify.wav
    HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
    HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg
    HKEY_USERS\s-1-5-18\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
    HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare
    HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Program Files\BearShare\sounds\notify.wav
    HKEY_USERS\s-1-5-18\appevents\schemes\apps\bearshare BearShare


    FunWebProducts Adware Bundler more information...
    Details: Fun Web Products bundles adware software in its products.
    Status: Ignored

    Infected registry entries detected
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 007F79E9.urr
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\CursorLoader CursorFile 0088C85B.dat
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 007F79E9.urr
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \MSNMessenger\Friends\·#·$7[~1d134m~]·$·#·#·$37..she'slikeagenie·$·$46thatgrantsme·$·$5 5allmywishes..·$·#·0 MessageCount 9
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \MSNMessenger\Friends\†devilmaycry† MessageCount 51
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \MSNMessenger SessionCount 162
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \MSNMessenger SessionTimestamp 13674531
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \Yahoo\BuddyIcons\rachee_dolphin_10\rachee_dolphin _10 YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \Yahoo\BuddyIcons\tigeress_mjl\tigeress_mjl YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \Yahoo SessionCount 38
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings \Yahoo SessionTimestamp 126875
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings UID F0BA4FC9-E569-44FB-9A63-E4C2AAB0ED61
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam234
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam105
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam101
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam129
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Program Files\FunWebProducts\Shared\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Program Files\FunWebProducts\ScreenSaver\Images\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_en.html.gz
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er CacheDir C:\Program Files\FunWebProducts\Installr\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er CheckForConnection 1
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er Dir C:\Program Files\FunWebProducts\Installr\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\CursorLoader Dir C:\Program Files\FunWebProducts\Shared\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Program Files\FunWebProducts\ScreenSaver\Images\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver PM efkfpetrqjgksgnteltlofgnoiiiiqkngkmimlfhsnfeogokhe hfhghhhihjhkhlhmhnifigihiiijik
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn HTMLMenuRevision 154
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn ETag "286fe0f-a698-450858aa"
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn LastHTMLMenuURL http://www.funwebproducts.com/BuddyIconChooser.html
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn HTMLMenuRevision 154
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\FunBuddyIconBtn ETag "283c726-3cff-43ff65cc"
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn LastHTMLMenuURL http://www.mywebface.com/menus/MyFunCards_en.html.gz
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn HTMLMenuRevision 154
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\MyFunCardsIMBtn ETag "238da2d-14c6-43e7d704"
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.numActive 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextNone.0 Your buddy has a new Buddy Icon. @LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqNone -1|1|0|0|0|0|0|0|0|0|1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.numActive 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyTextUninstalled.0 Your buddy has a new Buddy Icon. @LTEXT0@Take a look!@LTEXT1@ @LINK0@http://buddies.funbuddyicons.com/@LINK1@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos BuddyFreqUninstalled -1|1|0|0|0|0|0|0|0|0|1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive2 7
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.2 You just received a smiley! Want to see it? Click here now! @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.3 Sweet - your buddy just sent you a Smiley! Click this link! @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.4 Your buddy sent you a Super Smiley! Click here to see it! @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.5 Oh no! Your friend sent you a smiley, but you need Smiley Central to see it. Click this link to get it! @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.6 Hey - I just sent you a Super Smiley! Download Smiley Central to see it: @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.7 Your friend has sent you a Talking Smiley. Click: @LINK@
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuPosDeleted 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_en.html.gz
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn HTMLMenuRevision 154
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn ETag "2a6a918-1ca60-4509c45c"
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn msnmsgr.exe.pos 1,20
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products JpegConversionLib C:\Program Files\MyWebSearch\bar\3.bin\F3CJPEG.DLL
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Program Files\FunWebProducts\Shared\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er Dir C:\Program Files\FunWebProducts\Installr\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er CurInstall 12
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er CheckForConnection 1
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Install er CacheDir C:\Program Files\FunWebProducts\Installr\Cache\


    My Way Speedbar Browser Plug-in more information...
    Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
    Status: Ignored

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


    Download Accelerator Plus Low Risk Adware more information...
    Details: Download Accelerator Plus (DAP) is an advertising-supported download manager program from SpeedBit.com.
    Status: Ignored

    Infected registry entries detected


    WhenU.SaveNow Adware more information...
    Details: an advertising application that displays pop-up advertising on the desktop in response to users' surfing behavior.
    Status: Quarantined

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid {00020424-0000-0000-C000-000000000046}
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\ProxyStubClsid32 {00020424-0000-0000-C000-000000000046}
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib {905D0DF2-3A0A-4D94-853C-54A12A745905}
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97}\TypeLib Version 1.0
    HKEY_LOCAL_MACHINE\software\classes\interface\{c285d18d-43a2-4aef-83fb-bf280e660a97} ILoader


    iSearch.DesktopSearch Spyware more information...
    Details: Removes the users access to use Windows Search and replaces it with C:\WINDOWS\isrvs\desktop.exe.
    Status: Quarantined

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID {17492023-C23A-453E-A040-C7C580BBF700} 1


    Adw.MyGlobalSearch.Toolbar Toolbar more information...
    Details: Adw.MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
    Status: Ignored

    Infected registry entries detected


    Adw.BestOffersNetworks.RecordNRip Adware more information...
    Details: Adw.BestOffersNetworks.RecordNRip is a crippled version of software which purports to allow a user to record music from their PC. This application alone does not present a threat, but is installed with several adware threats.
    Status: Quarantined

    Infected files detected
    c:\windows\system32\nctaudiocdgrabber2.dll

    Infected registry entries detected


    Alexa Toolbar Potential Privacy Risk more information...
    Details: Alexa is a free, ad-based product which installs itself into your Internet Explorer or Netscape browser. It ads a bar which has a series of links into your browser which gives quite a bit of information about each web page that you visit.
    Status: Ignored

    Infected registry entries detected
    HKEY_CLASSES_ROOT\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum
    HKEY_CLASSES_ROOT\Component Categories\{00021494-0000-0000-C000-000000000046}\Enum


    TribalFusion.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@tribalfusion[1].txt


    QuestionMarket.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@questionmarket[2].txt


    ATDMT.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@atdmt[2].txt


    Cok.AssasinTrojan2.0 Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@statcounter[2].txt


    Bravenet.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@bravenet[1].txt


    IndexTools.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@indextools[2].txt


    247RealMedia.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@247realmedia[1].txt


    Overture.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@overture[1].txt


    GeoCities Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@geocities[1].txt


    Cok.PriceBandit Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@apmebf[2].txt


    SpyLog.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@spylog[2].txt


    HotLog.ru Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@hotlog[2].txt


    Com.com Cookie more information...
    Details: Redirects to cnet.com
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@com[1].txt


    Cok.ad.yieldmanager Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@ad.yieldmanager[1].txt


    FastClick.com Cookie more information...
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@fastclick[2].txt


    DoubleClick Cookie more information...
    Details: DoubleClick is a popular ad serving network that uses spyware cookies, to target advertising.
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@doubleclick[2].txt


    then i did the 2nd time..

    Spyware Scan Details
    Start Date: 10/16/2006 12:58:27 PM
    End Date: 10/16/2006 2:54:40 PM
    Total Time: 1 hrs 56 mins 13 secs

    Detected spyware

    LimeWire P2P Program more information...
    Status: Deleted

    Infected files detected
    C:\StubInstaller.exe


    MyWebSearch Toolbar Potentially Unwanted Program more information...
    Details: MyWebSearch Toolbar is a customizable Internet Explorer search toolbar with various other tools.
    Status: Deleted

    Infected files detected
    C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf

    Infected registry entries detected


    FunWebProducts Potentially Unwanted Program more information...
    Details: Fun Web Products bundles adware software in its products.
    Status: Deleted

    Infected files detected
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033240.scr
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP67\A0033247.SCR
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040644.scr
    C:\System Volume Information\_restore{CB95CD87-4624-4880-BF1B-7938A782E382}\RP93\A0040653.SCR

    Infected registry entries detected
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 007F79E9.urr
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\CursorLoader CursorFile 0088C85B.dat
    HKEY_CURRENT_USER\SOFTWARE\Fun Web Products\ScreenSaver ImagesFile 007F79E9.urr
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\...dassr...sloth...\...dassr...sloth... YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\...jun!!!...damn cute!...u cant sing!..but still damn cute nerd!..bwahahhaha.....\...jun!!!...damn cute!...u cant sing!..but still damn cute nerd!..bwahahhaha..... YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\...o.o...\...o.o... YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\..damn u.... die!..diee!!!!!!!!!!!..(--.)..\..damn u.... die!..diee!!!!!!!!!!!..(--.).. YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\..found a reason 2 be strong, ur the 1's always n my heart, my frnds, everytyme u cal my name, ill be ther, no mater how far...\..found a reason 2 be strong, ur the 1's always n my
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[DeAd pRoMiSeS].::.[..0.o..]\.::.[DeAd pRoMiSeS].::.[..0.o..] YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[DeAd pRoMiSeS].::.[..omg!...everybdy in msn messenger is dead!..]\.::.[DeAd pRoMiSeS].::.[..omg!...everybdy in msn messenger is dead!..] YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[DeAd pRoMiSeS].::.[..omg!..i so..wana watch "The Lake House"..!..the trailer so nice..damn..i got no money..*sniff*]\.::.[DeAd pRoMiSeS].::.[..omg!..i so..wana watch "The Lake
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[DeAd pRoMiSeS].::.[..stupid AC ppl..make house so cold..0.o...]\.::.[DeAd pRoMiSeS].::.[..stupid AC ppl..make house so cold..0.o...] YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[F*ckn KARMA...damn u!..].::.[..nails for breakfast and tacks for snack.yummy....](..frekin karma is attackn me!..)\.::.[F*ckn KARMA...damn u!..].::.[..nails for breakfast and
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[LuCiFeRs-AnGeL].::.\.::.[LuCiFeRs-AnGeL].::. YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[LuCiFeRs-AnGeL].::.[...NaiLs FoR BrEaKfAsT, aNd TaCkS FoR SnAcKs..mmmmmm..YuM...]\.::.[LuCiFeRs-AnGeL].::.[...NaiLs FoR BrEaKfAsT, aNd TaCkS FoR SnAcKs..mmmmmm..YuM...] YourIc
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[The-Chronicles-of-a-Tortured-Soul].::.[..nails for breakfast and tacks for snack..mm...yummy.....]\.::.[The-Chronicles-of-a-Tortured-Soul].::.[..nails for breakfast and tacks
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\BuddyIcons\.::.[The-Chronicles-of-a-Tortured-Soul].::.[..nails for breakfast and tacks for snack.yummy....](..frekin karma is attackn me!..)\.::.[The-Chronicles-of-a-Tortured-Soul].::.[..nail
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\-=†:+:???[g.i.e]???:+:†=-[lookingforanapartmentroomtorentinabudhabi,l/namepls] MessageCount 1
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\-=†:+:???[lordofpsp]???:+:†=-[lookingforanapartmentroomtorentinabudhabi,l/namepls] MessageCount 98
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\??? MessageCount 26
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\anggwapotlaganimatsumotojun! !!!! MessageCount 32
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\damnationimhavingprobelmswit hmsn>.< MessageCount 99
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\don'tstayinyourownworldforto olong--pretendingisjustgoingtokillyou---makeupyourmind--itsforyourowngood... MessageCount 153
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\DuSsK_LuSt MessageCount 20
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\eatingcyalater MessageCount 36
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\haiz...owaysdaydreamzz MessageCount 47
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\imwithvirginmary........ MessageCount 2
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\itsnotthepaininsideofmeitsth epainoutsideofmyheartthathurtssobadly MessageCount 15
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\kimiwapetto...meow<3watashiw aneko^^kawaiineko^^ MessageCount 7
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\notfeelingwell..allstartedwi thaharmlesschocolatethatmademytummyache..nowifeell ikepuking..anifeelrathersick MessageCount 4
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\shadowspark_29@hotmail.com MessageCount 77
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\[davidthefreezer]??? MessageCount 1
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\·#·$7[~1d134m~]·$·#·#·$37..she'slikeagenie·$·$46thatgrantsme·$·$5 5allmywishes..·$·#·0 MessageCount 9
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger\Friends\†devilmaycry† MessageCount 51
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionCount 162
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\MSNMessenger SessionTimestamp 13674531
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo\BuddyIcons\rachee_dolphin_10\rachee_dolphin_10 YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo\BuddyIcons\tigeress_mjl\tigeress_mjl YourIcon none
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo SessionCount 38
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings\Yahoo SessionTimestamp 126875
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings UID F0BA4FC9-E569-44FB-9A63-E4C2AAB0ED61
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam234
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam105
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam101
    HKEY_CURRENT_USER\SOFTWARE\FunWebProducts\Settings BinParam129
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products CacheDir C:\Program Files\FunWebProducts\Shared\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\ScreenSaver ImagesDir C:\Program Files\FunWebProducts\ScreenSaver\Images\
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\CursorManiaBtn LastHTMLMenuURL http://www.funwebproducts.com/CursorChooser.html
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.1 You just received a smiley! Go to @LINK@ to see it!
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\Promos MSN.numActive 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Fun Web Products\Settings\SmileyCentralBtn LastHTMLMenuURL http://www.mywebface.com/menus/SmileyChooser_en.html.gz
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Program Files\FunWebProducts\Installr\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Program Files\FunWebProducts\Installr\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer Dir C:\Program Files\FunWebProducts\Installr\
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CurInstall 12
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CheckForConnection 1
    HKEY_LOCAL_MACHINE\SOFTWARE\FunWebProducts\Installer CacheDir C:\Program Files\FunWebProducts\Installr\Cache\


    BearShare P2P Program more information...
    Details: BearShare is a peer-to-peer (P2P) application that allows its users to join together in a network via the Internet and share files from each other's hard drives.
    Status: Deleted

    Infected registry entries detected
    HKEY_CLASSES_ROOT\gnufile
    HKEY_CLASSES_ROOT\gnufile\shell\open\command blank
    HKEY_CLASSES_ROOT\gnufile gnutella
    HKEY_CLASSES_ROOT\gnufile BrowserFlags 8
    HKEY_CLASSES_ROOT\gnufile EditFlags 65536
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\0\win32 C:\Program Files\BearShare\RunMSC.dll
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\FLAGS 0
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0\HELPDIR C:\Program Files\BearShare\
    HKEY_CLASSES_ROOT\typelib\{905d0df2-3a0a-4d94-853c-54a12a745905}\1.0 RunMSC 1.0 Type Library
    HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg
    HKEY_CURRENT_USER\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
    HKEY_CURRENT_USER\appevents\schemes\apps\bearshare
    HKEY_CURRENT_USER\appevents\schemes\apps\bearshare BearShare
    HKEY_LOCAL_MACHINE\software\bearshare
    HKEY_LOCAL_MACHINE\software\bearshare InstallDir C:\Program Files\BearShare
    HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg
    HKEY_USERS\.default\appevents\eventlabels\bearsharechatnotifymsg Chat Message Waiting
    HKEY_USERS\.default\appevents\schemes\apps\bearshare
    HKEY_USERS\.default\appevents\schemes\apps\bearshare\BearShareChatNotifyMsg\.Current C:\Program Files\BearShare\sounds\notify.wav
    HKEY_USERS\.default\appevents\schemes\apps\bearshare BearShare
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 C:\Program Files\Common Files\System\ado\msadox.dll
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\InprocServer32 ThreadingModel Apartment
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\ProgID ADOX.Index.2.8
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E}\VersionIndependentProgID ADOX.Index.2.8
    HKEY_CLASSES_ROOT\CLSID\{558EC983-BEDB-9168-B2DE-31DBF0EE543E} ADOX.Index.2.8
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17}
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} BearShare
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Version 5,2,3,5
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} ComponentID BearShare
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} IsInstalled 1
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5F95E1AF-2620-4f15-BDF9-7FDCE4607E17} Locale EN


    My Way Speedbar Potentially Unwanted Program more information...
    Details: MyWay Speedbar is a search toolbar that installs into Internet Explorer and Netscape Navigator, adding search functions and popup blocking.
    Status: Deleted

    Infected registry entries detected
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}\TreatAs {A9571378-68A1-443d-B082-284F960C6D17}
    HKEY_CLASSES_ROOT\CLSID\{9AFB8248-617F-460d-9366-D71CDEDA3179}


    MyGlobalSearch.Toolbar Potentially Unwanted Program more information...
    Details: MyGlobalSearch.Toolbar is an IE plugin with its own Search Field.
    Status: Deleted

    Infected registry entries detected
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pid IK
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Dir C:\Program Files\MyGlobalSearch\bar\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar PluginPath C:\Program Files\MyGlobalSearch\bar\1.bin\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CurInstall 1
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar sr 0
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar pl 9
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Id F7E4B3EB-EFC1-4F82-A188-DE2C148F8829
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar CacheDir C:\Program Files\MyGlobalSearch\bar\Cache\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar HistoryDir C:\Program Files\MyGlobalSearch\bar\History\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar SettingsDir C:\Program Files\MyGlobalSearch\bar\Settings\
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar ConfigDateStamp 2006080807
    HKEY_LOCAL_MACHINE\SOFTWARE\MyGlobalSearch\bar Flags 530


    Cookie: ATDMT.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@atdmt[2].txt


    Cookie: FastClick.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@fastclick[2].txt
    c:\documents and settings\marlyn\cookies\marlyn@media.fastclick[1].txt


    Cookie: HotLog.ru Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@hotlog[1].txt


    Cookie: TribalFusion.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@tribalfusion[1].txt


    Cookie: Ajan 1.0 Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@xiti[1].txt


    Cookie: CGI-Bin Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@cgi-bin[2].txt


    Cookie: statcounter.com Cookie (General) more information...
    Details: Cookies are small "data tags" that web sites store on PCs in order to recognize unique visitors. Cookies are used to identify returning visitors who have registered for special services; to measure and analyze visitors' use of web site features; to count
    Status: Deleted

    Infected cookies detected
    c:\documents and settings\marlyn\cookies\marlyn@statcounter[2].txt









    and here's the hijack log


    Logfile of HijackThis v1.99.1
    Scan saved at 3:11:37 PM, on 10/16/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Acer\eRecovery\Monitor.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Chikka V4\ChikkaLauncher.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MARLYN\Desktop\VisualBoyAdvance.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\notepad.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\LOBO\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [eRecoveryService] C:\Program Files\Acer\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [AspireService] C:\Program Files\Acer\Acer eMode Management\AspireService.exe
    O4 - HKLM\..\Run: [MediaSync] C:\Program Files\Acer\Acer eConsole\MediaSync.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ChikkaDefault] C:\Program Files\Chikka V4\\ChikkaLauncher.exe
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKCU\..\RunOnce: [CounterSpyCleaner] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunASCleaner.exe
    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZCxdm409YYAE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\MARLYN\Start Menu\Programs\IMVU\Run IMVU.lnk
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
    O16 - DPF: {09883431-7429-11D5-8B69-0050049F5256} (VBAuthentic.Authentic) - https://www.metrobankdirect.com/down...BAuthentic.cab
    O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1143872505343
    O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Acer Media Server - Acer Inc. - C:\Program Files\acer\Acer eConsole\MediaServerService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

  10. #10
    Neal is offline Dedicated Member
    Run HijackThis, click on the Scan button, and put a check next to this:


    O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolba...?p=ZCxdm409YYAE


    With nothing open but HijackThis, click on Fix checked.


    How is your computer behaving now?
