Jump to content

PeterF1991

Members
  • Content Count

    26
  • Joined

  • Last visited

About PeterF1991

  • Rank
    Member
  1. Cleaned all the files and scanned. I couldn't find some of them but KillBox took care of those; here's the Kaspersky log: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Thursday, February 23, 2006 10:23:12 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 23/02/2006 Kaspersky Anti-Virus database records: 178230 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 69900 Number of viruses found: 46 Number of infected objects: 223 Number of suspicious objects: 0 Duration of the scan process: 00:56:37 Infected Object Name / Virus Name / Last Action C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP609\A0061154.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061634.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061663.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061664.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061756.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0062995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe RarSFX: infected - 6 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063027.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063033.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063161.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063162.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063163.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063164.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063165.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063166.exe Infected: Trojan.Win32.StartPage.ahg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063167.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063168.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063169.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063170.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063171.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063172.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063178.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063214.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063215.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063216.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063217.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063218.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063219.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063261.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063262.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063278.exe Infected: Trojan-Downloader.Win32.Small.abd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063280.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063281.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063284.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063285.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063286.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063290.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063293.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063297.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063299.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063300.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063310.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063311.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063312.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063313.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063315.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063316.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063317.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063318.exe Infected: Trojan-Clicker.Win32.VB.ld skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063323.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063325.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063327.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063330.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063331.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063332.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063334.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063337.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063338.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063340.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063341.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063342.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063346.exe Infected: Trojan-Downloader.Win32.Small.cam skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063347.exe Infected: Trojan-Downloader.Win32.VB.wy skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063363.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063371.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063372.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063373.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe CAB: infected - 5 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063378.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063416.exe Infected: Trojan-Downloader.Win32.VB.wd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064464.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064465.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064466.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064467.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064475.EXE:xtpzw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064478.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064479.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064480.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065483.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065484.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065485.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe CAB: infected - 5 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065498.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065506.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065507.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065508.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065509.exe Infected: Trojan-Downloader.Win32.Small.cam skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065511.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065513.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065514.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065527.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065528.exe Infected: Trojan-Downloader.Win32.Small.abd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065529.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065531.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065532.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065533.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065534.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065535.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065537.exe Infected: Trojan-Downloader.Win32.VB.wy skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065538.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065539.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065630.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065635.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065636.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065637.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065638.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065644.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065645.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065646.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065647.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065649.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065650.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065651.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065652.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065653.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065654.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065693.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065694.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065695.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065696.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065790.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065791.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065792.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065793.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065804.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065805.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065806.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065808.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065826.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065827.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065828.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065830.exe Infected: Trojan-Clicker.Win32.VB.ld skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065831.exe Infected: Email-Worm.Win32.Wurmark.m skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065834.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065840.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065841.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065842.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065848.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065852.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065853.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065854.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP634\A0066037.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066058.exe Infected: Trojan-Downloader.Win32.VB.wd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066059.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066061.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066062.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066063.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066064.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066066.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066079.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066080.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066081.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066082.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066083.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066084.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066085.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066086.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066087.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066088.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066089.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066090.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066091.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066092.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066093.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066094.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066095.exe Infected: Trojan-Dropper.Win32.Agent.k skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066096.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066097.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066098.exe Infected: Trojan-Clicker.Win32.VB.lg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066099.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066101.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066102.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066103.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066104.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066105.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066106.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066107.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066108.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066109.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066110.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066111.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066112.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066113.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066115.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066116.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066117.exe Infected: Trojan-Downloader.Win32.Murlo.dd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066118.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066119.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\WINDOWS\nsw.log:xgcnko:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped Scan process completed. And here's a new HJT scan: Logfile of HijackThis v1.99.1 Scan saved at 10:26:10 AM, on 2/23/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe I can see that Kaspersky still identifies some System Volume Information things... I haven't had any popups yet, the PC is running pretty well. Peter
  2. I fixed it in HJT, the file isn't present. But it seems to come back like it had in the last few HJT logs. I think it has something to do with KillBox because if you look at the first line of the log it shows it. Here's the new KasperSky log: ------------------------------------------------------------------------------- KASPERSKY ON-LINE SCANNER REPORT Wednesday, February 22, 2006 10:16:05 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 23/02/2006 Kaspersky Anti-Virus database records: 178192 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ E:\ Scan Statistics: Total number of scanned objects: 69631 Number of viruses found: 68 Number of infected objects: 324 Number of suspicious objects: 0 Duration of the scan process: 01:06:07 Infected Object Name / Virus Name / Last Action C:\!KillBox\rciacp.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\gjhz.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012/Setup.exe Infected: Email-Worm.Win32.VB.an skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012 ZIP: infected - 1 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\a.zip.bac_a09012 CryptFF.b: infected - 1 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061586.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.adx skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061625.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.adx skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061681.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061735.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061736.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061737.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061738.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061746.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0061747.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062780.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062782.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062783.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062784.exe.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062815.dll.bac_a09012 Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0062823.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063021.exe.bac_a09012 Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063025.exe.bac_a09012 Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063028.exe.bac_a09012 Infected: Trojan-Downloader.Win32.VB.wg skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063030.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Adload.l skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063031.exe.bac_a09012 Infected: Trojan-Downloader.Win32.VB.wd skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063034.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Small.cam skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\A0063061.exe.bac_a09012 Infected: Trojan-Dropper.Win32.Small.qn skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/Counter.class Infected: Trojan.Java.ClassLoader.i skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/VerifierBug.class Infected: Trojan.Java.ClassLoader.k skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012/Beyond.class Infected: Trojan.Java.ClassLoader.k skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012 ZIP: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ar3.jar-50c9a229-1df39cc7.zip.bac_a09012 CryptFF.b: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/BlackBox.class Infected: Trojan.Java.ClassLoader.z skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/VB.class Infected: Trojan.Java.ClassLoader.ak skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012 ZIP: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-3de836bf-3d99edaa.zip.bac_a09012 CryptFF.b: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/Mein.class Infected: Trojan.Java.ClassLoader.aj skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/ProbeLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/Beyond.class Infected: Trojan-Dropper.Java.Beyond.d skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012/binny/binny.class Infected: Trojan-Dropper.Java.Beyond.d skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012 ZIP: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\archive.jar-578db844-6d71b09b.zip.bac_a09012 CryptFF.b: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\awtss.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\backup-20050603-212304-190.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012 ZIP: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-19061f19-33a59cd1.zip.bac_a09012 CryptFF.b: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012 ZIP: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\classload.jar-521d0ae2-2338ce0a.zip.bac_a09012 CryptFF.b: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012 ZIP: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\count.jar-1e6c188d-1cc583e8.zip.bac_a09012 CryptFF.b: infected - 3 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\d3bn32.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ddayw.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ddcca.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\ieod32.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012 ZIP: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\msjld.jar-5fda7c69-1692e457.zip.bac_a09012 CryptFF.b: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\mssf.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.l skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/counter.class Infected: Trojan.Java.ClassLoader.b skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012 ZIP: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\nbb2.jar-668970d4-52b7ff9e.zip.bac_a09012 CryptFF.b: infected - 4 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_cxunsh.log.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_hwlzey.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_khrgup.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_ubgxlg.dat.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\n_wdmgtl.txt.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012 ZIP: infected - 1 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\p.zip.bac_a09012 CryptFF.b: infected - 1 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\vtsqo.dll.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winlog.exe.bac_a09012 Infected: Backdoor.Win32.Rbot.gen skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winpj.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winrs32.exe.bac_a09012 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winsysban8.exe.bac_a09012 Infected: Trojan-Clicker.Win32.VB.lg skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\.housecall\Quarantine\winsysupd8.exe.bac_a09012 Infected: Trojan.Win32.StartPage.ahg skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20051225-171741-886.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-134544-968.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-134545-576-KVG.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060212-172614-955.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\backups\backup-20060215-220358-845.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\Program Files\Jalmp\uninstall.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\Program Files\Network\network.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.y skipped C:\Program Files\wmplayer\p.zip/music.exe Infected: Email-Worm.Win32.Wurmark.m skipped C:\Program Files\wmplayer\p.zip ZIP: infected - 1 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP609\A0061154.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061634.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061663.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP620\A0061664.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061756.exe Infected: Trojan-Downloader.Win32.Murlo.22Feb2006 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP622\A0061757.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0062995.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.351 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whSurvey.exe Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe/data.rar Infected: not-a-virus:AdWare.Win32.WebHancer.381 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063024.exe RarSFX: infected - 6 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063027.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063029.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP624\A0063033.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063161.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063162.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063163.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063164.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063165.dll Infected: Trojan-Downloader.Win32.Agent.pe skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063166.exe Infected: Trojan.Win32.StartPage.ahg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063167.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063168.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063169.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063170.dll Infected: Trojan-Downloader.Win32.Agent.yf skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063171.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063172.exe Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP626\A0063178.DLL Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063214.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063215.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063216.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063217.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063218.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP627\A0063219.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063261.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063262.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063278.exe Infected: Trojan-Downloader.Win32.Small.abd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063280.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063281.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063284.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063285.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063286.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063290.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063293.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063297.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063299.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063300.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063310.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063311.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063312.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063313.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063315.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063316.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063317.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063318.exe Infected: Trojan-Clicker.Win32.VB.ld skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063323.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063325.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063327.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063330.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063331.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063332.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063334.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063336.exe NSIS: infected - 4 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063337.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063338.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063340.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063341.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063342.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063346.exe Infected: Trojan-Downloader.Win32.Small.cam skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063347.exe Infected: Trojan-Downloader.Win32.VB.wy skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063363.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063369.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063371.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063372.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063373.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063374.exe CAB: infected - 5 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063378.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0063416.exe Infected: Trojan-Downloader.Win32.VB.wd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064464.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064465.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064466.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064467.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064475.EXE:xtpzw:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064478.dll Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064479.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.i skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0064480.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065483.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065484.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065485.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskBho.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/SskCore.dll Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ak skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB/Ssk3RepairInstall.exe Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.aa skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065486.exe CAB: infected - 5 skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065498.dll Infected: not-a-virus:AdWare.Win32.SurfSide.ai skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065506.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065507.exe Infected: Trojan-Downloader.Win32.Small.bmx skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065508.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065509.exe Infected: Trojan-Downloader.Win32.Small.cam skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065511.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065513.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP628\A0065514.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065527.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065528.exe Infected: Trojan-Downloader.Win32.Small.abd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065529.exe Infected: Trojan.Win32.Runner.h skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065531.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065532.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065533.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065534.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065535.exe Infected: Trojan.Win32.VB.tg skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065537.exe Infected: Trojan-Downloader.Win32.VB.wy skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065538.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP629\A0065539.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065630.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065635.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065636.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065637.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065638.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065644.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065645.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065646.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065647.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065648.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065649.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065650.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065651.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065652.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065653.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065654.dll Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065693.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065694.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065695.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP631\A0065696.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065790.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065791.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065792.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065793.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065800.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065804.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065805.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065806.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP632\A0065808.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065826.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065827.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065828.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065830.exe Infected: Trojan-Clicker.Win32.VB.ld skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065831.exe Infected: Email-Worm.Win32.Wurmark.m skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065834.exe Infected: Backdoor.Win32.Rbot.gen skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065840.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065841.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065842.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065848.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065852.exe Infected: Trojan.Win32.Pakes skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065853.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP633\A0065854.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP634\A0066037.cpl Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066058.exe Infected: Trojan-Downloader.Win32.VB.wd skipped C:\System Volume Information\_restore{F4F96CED-AC2A-4F80-9641-DECA3D569AA3}\RP635\A0066059.exe Infected: Trojan-Downloader.Win32.VB.ww skipped C:\WINDOWS\$NtServicePackUninstall$\telnet.exe Infected: Trojan-Dropper.Win32.Agent.k skipped C:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped C:\WINDOWS\Downloaded Program Files\UWFX5_0001_N56T0311NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.c skipped C:\WINDOWS\Downloaded Program Files\UWFX5_0001_NI530211NetInstaller.exe Infected: not-a-virus:Downloader.Win32.Agent.f skipped C:\WINDOWS\emruqfbA.exe Infected: Trojan-Clicker.Win32.VB.ij skipped C:\WINDOWS\hh32SPorms.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\inst_adperform.exe Infected: not-a-virus:AdWare.Win32.BargainBuddy.ai skipped C:\WINDOWS\ms030734576.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\WINDOWS\ms646464.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\NDNuninstall6_38.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\WINDOWS\NDNuninstall7_22.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\WINDOWS\nsw.log:xgcnko:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\nts-32orhh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\offun.exe Infected: Trojan-Downloader.Win32.VB.nw skipped C:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped C:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped C:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped C:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped C:\WINDOWS\pf78.exe NSIS: infected - 4 skipped C:\WINDOWS\pms111x.exe Infected: Trojan-Downloader.Win32.VB.tw skipped C:\WINDOWS\River Sumida.bmp:brcry:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\setuperr.log:ddxewo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\SPhhhh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\SPPE6464hh.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\SYSTEM32\awtsp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.q skipped C:\WINDOWS\SYSTEM32\bkauk.dat Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\WINDOWS\SYSTEM32\btxmvmrq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\ddsvdjc.exe Infected: Trojan.Win32.Pakes skipped C:\WINDOWS\SYSTEM32\episgovq.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\isjqmhvu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\jgddolvi.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\lacginib.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\msSP.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\SYSTEM32\pnopnia.dll Infected: Trojan-Downloader.Win32.Qoologic.az skipped C:\WINDOWS\SYSTEM32\pre2.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped C:\WINDOWS\SYSTEM32\rciacp.exe Infected: Trojan-Downloader.Win32.Qoologic.at skipped C:\WINDOWS\SYSTEM32\rjpabanu.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\rwemw.dll Infected: Trojan-Downloader.Win32.Qoologic.bd skipped C:\WINDOWS\SYSTEM32\ssjfmjhn.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\synt.exe Infected: Trojan-Clicker.Win32.Small.ak skipped C:\WINDOWS\SYSTEM32\titno.exe Infected: not-a-virus:AdWare.Win32.MDH.e skipped C:\WINDOWS\SYSTEM32\vhdytrxj.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\wtqyqeud.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\SYSTEM32\xytrubee.dll Infected: Trojan-Spy.Win32.Agent.kg skipped C:\WINDOWS\telnet.exe Infected: Trojan-Dropper.Win32.Agent.k skipped C:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped C:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped C:\WINDOWS\winsysban8.exe Infected: Trojan-Clicker.Win32.VB.lg skipped Scan process completed. And here's a new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:24:48 PM, on 2/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Real\RealPlayer\RealPlay.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe I do continue to get some random popups once in a while, however their number has been greatly reduced. Also, the popups are pretty much random and there is no lasting trend throughout them, no particular brand or anything. Peter
  3. All scanned and done. The folder hasn't returned yet, and the majority of the popups are gone. Here's a new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 2:46:14 PM, on 2/22/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\iTunes\iTunes.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Thanks alot, Peter
  4. Couldn't post the Kaspersky log, still too big because of that "Complete" folder I spoke about earlier, tons of things found in every random file in it.. I don't know what you'll be able to do about it. So anyways, I don't exactly know how to attach a file, I mean I do, but where's the button for it? I see "Insert hyperlink" "Insert Email" and "Insert Image", but not a file. I didn't know if you wanted a new HJT log so I didn't post one.. Peter
  5. So I fixed it in HJT, I ran KillBox, but the CCleaner link didn't take me anywhere, probably a broken link...I didn't do the Kaspersky scan again because I figured I should run CCleaner before scanning again. Could I please have the link again? Thanks, Peter
  6. Alright, everything's done, but the following files could not be found in safe mode, even with hidden files being viewed: C:\WINDOWS\wgtaojnA.exe C:\Program Files\outlook\outlook.exe C:\Program Files\Common Files\fmoq\fmoqm.exe C:\WINDOWS\system32\rciacp.exe C:\WINDOWS\system32\loader.exe So I tried to post the Kaspersky log, and it's way too long for the post, I could email it to you or get it to you in another way, but it won't let me post it. It found a lot and there's this C:\Documents and Settings\Peter.PETERS-COMPUTER\Complete folder that has always been on my computer, I've noticed it before... It will contain anywhere from 200mb-20gb of totally random zip files. I'll delete it and it will just continue to come back. A lot of the things in the scan were in there, but I can't post the log; let me know what I should do, if you want me to get it to you another way. And here's a new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 9:20:03 PM, on 2/20/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\Spyware Doctor\sdhelp.exe C:\Program Files\AIM\aim.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Thanks, Peter
  7. Alright, all done. Here's the VBG txt: [02/19/2006, 22:15:25] - VirtumundoBeGone v1.5 ( "C:\Documents and Settings\Peter.PETERS-COMPUTER\Local Settings\Temporary Internet Files\Content.IE5\3EZ3OAHS\VirtumundoBeGone[1].exe" ) [02/19/2006, 22:15:30] - Detected System Information: [02/19/2006, 22:15:30] - Windows Version: 5.1.2600, Service Pack 2 [02/19/2006, 22:15:30] - Current Username: Peter (Admin) [02/19/2006, 22:15:30] - Windows is in NORMAL mode. [02/19/2006, 22:15:30] - Searching for Browser Helper Objects: [02/19/2006, 22:15:30] - BHO 1: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} (MSEvents Object) [02/19/2006, 22:15:30] - ALERT: Found MSEvents Object! [02/19/2006, 22:15:30] - Finished Searching Browser Helper Objects [02/19/2006, 22:15:30] - *** Detected MSEvents Object [02/19/2006, 22:15:30] - Trying to remove MSEvents Object... [02/19/2006, 22:15:31] - Terminating Process: IEXPLORE.EXE [02/19/2006, 22:15:31] - Terminating Process: RUNDLL32.EXE [02/19/2006, 22:15:31] - Disabling Automatic Shell Restart [02/19/2006, 22:15:31] - Terminating Process: EXPLORER.EXE [02/19/2006, 22:15:32] - Suspending the NT Session Manager System Service [02/19/2006, 22:15:32] - Terminating Windows NT Logon/Logoff Manager [02/19/2006, 22:15:33] - Re-enabling Automatic Shell Restart [02/19/2006, 22:15:33] - File to disable: C:\WINDOWS\System32\awtsp.dll [02/19/2006, 22:15:33] - Renaming C:\WINDOWS\System32\awtsp.dll -> C:\WINDOWS\System32\awtsp.dll.vir [02/19/2006, 22:15:35] - File successfully renamed! [02/19/2006, 22:15:35] - Removing HKLM\...\Browser Helper Objects\{FC148228-87E1-4D00-AC06-58DCAA52A4D1} [02/19/2006, 22:15:35] - Removing HKCR\CLSID\{FC148228-87E1-4D00-AC06-58DCAA52A4D1} [02/19/2006, 22:15:36] - Adding Kill Bit for ActiveX for GUID: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} [02/19/2006, 22:15:36] - Deleting ATLEvents/MSEvents Registry entries [02/19/2006, 22:15:37] - Removing HKLM\...\Winlogon\Notify\awtsp [02/19/2006, 22:15:37] - Searching for Browser Helper Objects: [02/19/2006, 22:15:37] - Finished Searching Browser Helper Objects [02/19/2006, 22:15:37] - Finishing up... [02/19/2006, 22:15:37] - A restart is needed. [02/19/2006, 22:16:04] - Attempting to Restart via STOP error (Blue Screen!) And here's a new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 10:22:11 PM, on 2/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\windows\winsysban9.exe C:\Program Files\wmplayer\wmplayer.exe C:\Program Files\iTunes\iTunesHelper.exe C:\WINDOWS\system32\p2pnetworking.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\Common Files\VCClient\VCClient.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - Default URLSearchHook is missing O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe O4 - HKLM\..\Run: [] p2pnetworking.exe O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKLM\..\RunServices: [] p2pnetworking.exe O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cab O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Peter
  8. Alright, did what you said. I looked in C:/ and the Look2Me txt wasn't there. I also ran a search on it, it wasn't found... But here's my new HJT log: Logfile of HijackThis v1.99.1 Scan saved at 3:20:19 PM, on 2/19/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\windows\winsysban9.exe C:\Program Files\wmplayer\wmplayer.exe C:\WINDOWS\system32\p2pnetworking.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\VCClient\VCClient.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\SpywareGuard\sgmain.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - Default URLSearchHook is missing O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\awtsp.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban9.exe O4 - HKLM\..\Run: [gimmygames] c:\\gimmygames9.exe O4 - HKLM\..\Run: [] p2pnetworking.exe O4 - HKLM\..\Run: [wgtaojnA] C:\WINDOWS\wgtaojnA.exe O4 - HKLM\..\Run: [loader.exeSetup.exeR] C:\WINDOWS\system32\loader.exeSetup.exeR O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\rciacp.exe reg_run O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKLM\..\RunServices: [] p2pnetworking.exe O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [CU1] C:\Program Files\Common Files\VCClient\VCClient.exe O4 - HKCU\..\Run: [CU2] C:\Program Files\Common Files\VCClient\VCMain.exe O4 - HKCU\..\Run: [fmoq] C:\PROGRA~1\COMMON~1\fmoq\fmoqm.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O20 - Winlogon Notify: awtsp - C:\WINDOWS\System32\awtsp.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
  9. Lately I've been getting lots and lots of yyy65 popups, when I come home from school and my computer is on I'll have anywhere from 10-50 popups. Sometimes I'll have extra toolbars or programs, things like that. The weird thing is that the popups don't come while I'm browsing the internet or even have an Internet Explorer window open, they just pop up while my computer is on!! I've tried several removal programs and they usually find things, remove them, but everything just keeps coming back! Here's an HJT log: Logfile of HijackThis v1.99.1 Scan saved at 4:01:47 PM, on 2/16/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Spyware Doctor\sdhelp.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\wmplayer\wmplayer.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\winsysban8.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\AIM\aim.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\Program Files\Common Files\Windows\services32.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\system32\drwtsn32.exe C:\WINDOWS\system32\drwtsn32.exe C:\Program Files\Common Files\Windows\AutoIt3.exe C:\Program Files\InetGet2\emg2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\InetGet2\webhost2.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\System32\awtsp.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - C:\Program Files\Toolbar888\ToolBar888.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [wmplayer] C:\Program Files\wmplayer\wmplayer.exe /auto O4 - HKLM\..\Run: [winsysupd] C:\windows\winsysupd8.exe O4 - HKLM\..\Run: [winsysban] C:\windows\winsysban8.exe O4 - HKLM\..\Run: [gimmygames] C:\windows\gimmygames.exe O4 - HKLM\..\Run: [] p2pnetworking.exe O4 - HKLM\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKLM\..\RunServices: [] p2pnetworking.exe O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe O4 - HKCU\..\Run: [surfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} (MALPlaybackCtrl Class) - http://musicstore.connect.com/assets/activ...ALStreaming.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pcpitstop.com/pestscan/pestscan.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 O20 - AppInit_DLLs: repairs302972994.dll O20 - Winlogon Notify: awtsp - C:\WINDOWS\System32\awtsp.dll O20 - Winlogon Notify: Control Panel - C:\WINDOWS\ O20 - Winlogon Notify: Shell Extensions - C:\WINDOWS\system32\m264lcjq1foe.dll O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe Any help will be greatly appreciated. Thanks, Peter Ferranto
  10. Things keep trying to change things like my homepage, search page, search bar, and all this other stuff. Luckily, i have Spyware Guard to keep this from happening, but stuff keeps getting added to my favorites list, and i keep having to "Restore old Value" on SpywareGuard when things try to get changed and it gets annoying. Here's my Hjt log: Logfile of HijackThis v1.98.2 Scan saved at 9:24:23 PM, on 6/14/2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\WZCBDL Service\WZCBDLS.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\hkcmd.exe C:\Program Files\D-Link\Air USB Utility\AirCFG.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\apiuu.exe C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE C:\Program Files\AIM\aim.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe C:\WINDOWS\system32\appxw32.exe C:\Program Files\Common Files\AOL\1118024137\ee\AOLHostManager.exe C:\Program Files\Common Files\AOL\1118024137\ee\AOLServiceHost.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\WINDOWS\System32\wuauclt.exe C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Peter.PETERS-COMPUTER\Desktop\My Folder\Cleanups\Protectors\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netscape.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tpzwl.dll/sp.html#37049 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\tpzwl.dll/sp.html#37049 R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {E374D485-455A-EA4B-4D0D-A9597EFAF27B} - C:\WINDOWS\d3vz.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [msci] C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\2004125211854_mcinfo.exe /insfin O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\2004125211854_mcappins.exe /v=3 /cleanup O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [apiuu.exe] C:\WINDOWS\apiuu.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118024137\ee\AOLHostManager.exe O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326 O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll O2 - BHO: Class - {E374D485-455A-EA4B-4D0D-A9597EFAF27B} - C:\WINDOWS\d3vz.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe O4 - HKLM\..\Run: [D-Link Air USB Utility] C:\Program Files\D-Link\Air USB Utility\AirCFG.exe O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [hpfsched] C:\WINDOWS\hpfsched.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [msci] C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\2004125211854_mcinfo.exe /insfin O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\PETER~1.PET\LOCALS~1\Temp\2004125211854_mcappins.exe /v=3 /cleanup O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe O4 - HKLM\..\Run: [share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [MMTray] MMTray.exe O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe O4 - HKLM\..\Run: [apiuu.exe] C:\WINDOWS\apiuu.exe O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1118024137\ee\AOLHostManager.exe O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ? O4 - Global Startup: Picture Package Menu.lnk = ? O4 - Global Startup: Picture Package VCD Maker.lnk = ? O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll O9 - Extra button: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) O9 - Extra 'Tools' menuitem: AbsolutePoker.com - {EFFF8D47-D060-4108-B761-E8EC86622E56} - C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall...od/install.html O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EP...l_v1-0-3-18.cab O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://antu.popcap.com/games/popcaploader_v5.cab O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/sj/en/check/qdiagh.cab?326 O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalcity.com/_media/dalaillama/ampx.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{27375AEA-BDC3-4119-9EC6-79D72E81EDDE}: NameServer = 192.168.0.1,4.2.2.2 Thanks for any help, Peter
×
×
  • Create New...