# Virus i can't get rid of... HELP PLEASE



## lloyd

I have got my mates computer in front of me because he has got a virus on it. He said when he got it, it came up as the bloodhound virus   Well, ive gone into safe mode, deleted a hell of alot of useless programs like seach engines and toolbars, deleted all cookies, and temporary files, done a disk check, run ad-aware. It wont let me run norton so i cant do much there... IS there anything i can do to get it off..

The computer is useless in its normal state, it has a black screen, sometimes switches itself off, and no programs can be opened. Its only in safe mode where i can actually do anything.

ANy help would be much appreciated!!

Lloyd


----------



## Lorand

Try these steps for manual removal of that virus: http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.html


----------



## Byteman

Can you download and install programs on the machine? If so, download Kaspersky, install it, update it, and run a scan in safemode (it works in safemode).  If you can't, post back.  

ftp://d-eu-2f.kaspersky-labs.com/tr...4BGYH4CDHP89NZ/kav5.0trial_personalpro_en.exe


----------



## lloyd

rite...i restored it to two months ago, and i can get into the actuall user name on normal windows now, but it is really slow, and takes forever to open programs. But when i check on running processes in task manager, and say i have tried to open internet explorer twice, there will be two ''IEXPLORE.EXE'' but no visible programs. Whats wrong with it??


----------



## Byteman

if you can get online, then try going through the sticky  steps, (especially the online scanners), then post a Hijackthis  log.


----------



## lloyd

cant get online :S now what..


----------



## Buzz1927

Instead of safemode, select "safemode with networking", only go to the links below.
http://download.mozilla.org/?product=firefox-1.0.6&os=win&lang=en-US
Install Firefox and use it to go to this link
http://download.ewido.net/ewido-setup.exe
And then this link
ftp://d-eu-2f.kaspersky-labs.com/tr...4BGYH4CDHP89NZ/kav5.0trial_personalpro_en.exe
Update both Ewido and Kaspersky and run full scans with both, then reboot to normal mode and see how things are.


----------



## lloyd

i know how to get onto safemode with networking, but what's the difference?


----------



## Buzz1927

With safemode with networking, you can get online, which you can't in safemode, but only go to the sites I mentioned, as your firewall and antivirus won't be up.


----------



## lloyd

ok thanks..im performing the first scan now, but its taking ages. If its still slow after both of these scans, what are my next options?


----------



## Buzz1927

Let's have a look after the scans,and take it from there. Also, download Hijackthis, install it and run it. Hit "scan and save logfile", post the log here.


----------



## lloyd

ok, will do mate..it's still on the first scan :S


----------



## lloyd

could be here all night .. lol


----------



## Buzz1927

It's a long scan because it's thorough, well worth it, tho, how much has it found so far?


----------



## lloyd

186, 70.2%


----------



## lloyd

he has only got 18gb memory aswell..this could be why it is slow, he has got 3gb left


----------



## lloyd

205 89.2%


----------



## Buzz1927

186 is quite a lot, which is good, when it gets to something like 98.2% it takes a while as well, you being online is gonna slow it down as well. The kaspersky scan is a lot quicker.


----------



## lloyd

kaspersky isn't working..check the link  :S


----------



## lloyd

im not on the computer that im scanning either, i got me mates. And im doing it for no money what so ever...must be mad


----------



## lloyd

lol 580 now. 90.1%


----------



## Buzz1927

Is the link broken? I'll check and get back to you, we need kaspersky (and i'm not getting paid either


----------



## lloyd

yes i think it might be. lol, thanks mate, appreciate it. The computer would still be as slow as a dead tortoise if u wernt ere..lol


----------



## Buzz1927

Was broken. This one works.
ftp://d-eu-2f.kaspersky-labs.com/tr...H4CDHP89NZ/kav5.0.383trial_personalpro_en.exe


----------



## lloyd

yep working...im performing the scans on this computer aswell. the scan has just passed 100 minutes on me mates one...SOOO SLOW. :-S


----------



## Buzz1927

Your mate must have loads of stuff on his comp, takes 5 mins on my VM!


----------



## lloyd

i just installed that kaspersky and now my bloody keyboard and my mousepad doesn't work on this computer!!! what has happened?? im on a keyboard and mouse from the USB now. I have unistalled the program and it still doesn;'t work......im not going to install in onto the other computer as it is my mates!! what's happened???????


----------



## lloyd

its a laptop by the way!!! and the keyboard and mousepad doesnt work!


----------



## Buzz1927

When exactly did this happen? was it ok after the ewido scan, then only happened after downloading kaspersky?


----------



## lloyd

scanned ewido...all good...downloaded kaspersky, all good, said i had to restart laptop. did it then i couldn't even log in to my username. keyboard wouldn't work, and neither does mouse pad? what could of happened??


----------



## lloyd

by the way, although my mates computer isn't my may concern now, he has 1800 infected objects, and still rising.... But any advice on my problem?


----------



## Geoff

i would tell him to get some anti-spyware and anti-virus programs, and make sure he has real-time protection.


----------



## Buzz1927

Very strange. I think it said to restart to get the settings for running on startup, sounds like there might be a conflict. Boot back to safemode and remove anything to do with kaspersky, do a search for it (advanced), what AV are you running?


----------



## lloyd

ok. I just rang my mate up who works on computers for a living, and he said that a file may have been removed and i have to take it to him tomorrow. Im not going to run kaspersky on my mates one now, just in case. His infected files is on 1900 now :-S


----------



## lloyd

the thing is though. (back to my probllem again) the keyboad worked when i went into the setup right at the start before windows had loaded up. The keyboard scrolled fine, because i thought that something may have been changed in the actually laptop set up, but everything looked ok.


----------



## lloyd

just passed 2000 infections...


----------



## Buzz1927

He's got a very infected comp, leave out kaspersky, you could try a system restore on yours, see if that sorts it, go back to the last restore point. I've never heard of anythig like this happening, I'll see if I can find out what's happened. Did you save the Ewido report?


----------



## lloyd

on this computer? here is my hijack this log file from my computer...my mates will follow shortly..


----------



## lloyd

Logfile of HijackThis v1.99.1
Scan saved at 23:04:46, on 26/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = mirs Internet Explorer
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102807997265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


----------



## lloyd

this doesn't mean anything to me...Jibberish... ;-S


----------



## Buzz1927

That's what I thought first time i looked at one!!


----------



## lloyd

is there anything wrong there? and here is my ewido report...


----------



## lloyd

*ewido report part 1*

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:			21:47:20, 26/08/2005
 + Report-Checksum:		C851A223

 + Scan result:

	HKLM\SOFTWARE\Classes\Interface\{8578D35E-C6C0-4808-9A80-0F6C29A2C423} -> Spyware.HotBar : Cleaned with backup
	HKLM\SOFTWARE\Classes\Interface\{BC190DA5-0187-4D99-B3AC-6C45EA1B9324} -> Spyware.HotBar : Cleaned with backup
	HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
	HKLM\SOFTWARE\ShopperReports -> Spyware.HotBar : Cleaned with backup
	HKLM\SOFTWARE\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
	HKU\S-1-5-21-3797076284-2423628624-2075888198-1005\Software\ShopperReports -> Spyware.HotBar : Cleaned with backup
	HKU\S-1-5-21-3797076284-2423628624-2075888198-1005\Software\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
	C:\WINDOWS\system32\drivers\kbfiltr.sys -> TrojanSpy.Xpasslogger : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aOVgDuHSbe.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aFIACXm.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aRKwBIVI.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\alWV51lDFz.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\anJx.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aaE.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aBUCQ7pArUw.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aO5tKl7Jw.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aH0x40vWV.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\aDEhBiTR6x.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\amZ.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\ShellExt\alYS5vft.EXE -> Trojan.Delf.bj : Cleaned with backup
	C:\WINDOWS\system32\7k2a86.exe -> Trojan.Delf.cf : Cleaned with backup
	C:\WINDOWS\system32\rqu.sys -> Trojan.Delf.cf : Cleaned with backup
	C:\WINDOWS\system32\737.exe -> Trojan.Delf.cf : Cleaned with backup
	C:\WINDOWS\system32\bUS.dll -> TrojanDropper.Small.abd : Cleaned with backup
	C:\WINDOWS\Downloaded Program Files\ringtone.exe -> Heuristic.Win32.Dialer : Cleaned with backup
	C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ringtone.exe -> Heuristic.Win32.Dialer : Cleaned with backup
	C:\WINDOWS\rqu.sys -> Trojan.Delf.cf : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\My Documents\My Received Files\GHOST.exe/hauntpc.exe -> Not-A-Virus.Joke.Hauntpc : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\My Documents\My Received Files\carm down song.exe/hauntpc.exe -> Not-A-Virus.Joke.Hauntpc : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@as-eu.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@adviva[2].txt -> Spyware.Cookie.Adviva : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@www.etracker[2].txt -> Spyware.Cookie.Etracker : Cleaned with backup
	C:\Documents and Settings\Lloyd Eagles\Cookies\lloyd eagles@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
	C:\Documents and Settings\abby\Local Settings\Temp\targetsaver.exe -> TrojanDownloader.TSUpdate.f : Cleaned with backup
	C:\Documents and Settings\abby\Local Settings\Temp\GLF17GLF17.EXE -> TrojanDownloader.TSUpdate.f : Cleaned with backup
	C:\Documents and Settings\abby\Local Settings\Temp\iFA.tmp -> TrojanDownloader.Small.wk : Cleaned with backup
	C:\Documents and Settings\abby\Local Settings\Temp\ICD1.tmp\hbinstie.dll -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Local Settings\Temp\rqu.sys -> Trojan.Delf.cf : Cleaned with backup
	C:\Documents and Settings\abby\Cookies\geoff wiseman@adopt.euroclick[1].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
	C:\Documents and Settings\abby\Cookies\geoff wiseman@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Documents and Settings\abby\Cookies\geoff wiseman@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\reports.txt -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_511745-514279.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Games.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hide.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Hotmail.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_Mails.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_SearchBoxTrapper.mnu -> Spyware.HotBar : Cleaned with backup


----------



## lloyd

*part 2*

C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_categorize.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_comparison.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-Mails.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_explorer-people.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_favorites.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hotbarcom.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_hsskin.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_new.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_premium.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_ringtone.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchfor.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_searchgo.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_weather.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Default_yellowpages.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\Top7_theweb.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\ads.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\business_promo.htm -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\buttondir.txt -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\components.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_1000.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_2000.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_3000.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bar.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar1.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar10.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar11.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar12.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar13.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar14.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar2.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar3.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar4.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar5.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar6.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar7.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar8.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_bbar9.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_logos.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_other.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_buttons_x.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\d_icons_weather.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\default.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\email-def-511724-9595.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\email-t1-bg.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium-hotbar-premium.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar-premium.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\hotbar_promo.htm -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\icons2.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords.idx -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords1.dat -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_idx.idx -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\keywords_sdf.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\layout.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\linkpathlegal.txt -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\progress.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\s_icons_buttons.res -> Spyware.HotBar : Cleaned with backup


----------



## lloyd

*part 3*

C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\t2_bg.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\theweb.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\top7.cdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\1\tsd_bg.res -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\buttondir.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\samplegroups2.txt -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\linkpathlegal.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\layout.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords1.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_1000.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_2000.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_3000.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_logos.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_other.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_weather.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\tsd_bg.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\t2_bg.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\s_icons_buttons.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\progress.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_sdf.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\keywords_idx.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\email-t1-bg.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bar.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar1.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar2.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar3.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar4.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar5.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar6.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar7.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar8.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar9.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar10.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar11.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_x.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar12.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar13.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\d_icons_buttons_bbar14.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\business_promo.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar_promo.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\default.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\icons2.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\top7.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\ads.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\DownLoad\hotbar-premium.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_511745-514279.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Games.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hide.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Hotmail.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_Mails.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_SearchBoxTrapper.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_categorize.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_comparison.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-Mails.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_explorer-people.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_favorites.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hotbarcom.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_hsskin.mnu -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\static\2\Default_new.mnu -> Spyware.HotBar : Cleaned with backup


----------



## lloyd

*5*

C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\86379 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\35000 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\49587 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\52253 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\64429 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\TooltipXML\9313 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1387544.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\hstat\31ff.dat -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\ASPL1.dat -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1055531.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1056045.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\819382.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\412570.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\534912.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1401904.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1383704.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1403389.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\2885061.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\Hotbar\dynamic\1224397.sdf -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOL -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOL\static -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOL\dynamic -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOI -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOI\static -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\v3.0\HostOI\dynamic -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\IESkins -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\eskin -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\eskin\empty_bg_st.htm -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\Hotbar\eskin\FileManager.txt -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\dwld -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\dwld\WhiteList.xip -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\persist.dbs -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\Config.xml -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report\ag.xml -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report\ag.xml.db -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report\Header.xml -> Spyware.HotBar : Cleaned with backup


----------



## lloyd

*6*

C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report\send.xml -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\report\send.xml.db -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\db -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\db\Aliases.dbs -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\db\Sites.dbs -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\res1 -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\cs\res1\whitelist.dbs -> Spyware.HotBar : Cleaned with backup
	C:\Documents and Settings\abby\Application Data\ShopperReports\shprrprt.log -> Spyware.HotBar : Cleaned with backup
	C:\Program Files\Microsoft AntiSpyware\Quarantine\4EBAC9F5-D7B4-44F8-9EC7-397404\A20BD4F8-7C14-41A8-B94C-2988FE -> Spyware.TimeSink : Cleaned with backup
	C:\Program Files\Microsoft AntiSpyware\Quarantine\CEFE9186-D8D4-400F-AD80-069675\B728EA09-BD99-47C2-80E5-9405C0 -> Spyware.TimeSink : Cleaned with backup
	C:\Program Files\Microsoft AntiSpyware\Quarantine\51C9C12A-E6CC-4E52-88C7-E9555E\57067B86-482B-4BED-BB39-4B6CB1 -> Spyware.WebHancer : Cleaned with backup
	C:\Program Files\Microsoft AntiSpyware\Quarantine\51C9C12A-E6CC-4E52-88C7-E9555E\0FBBE928-0282-4034-ADAA-1EE1DE -> Spyware.WebHancer : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq18.tmp -> TrojanDownloader.TSUpdate.f : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2F.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq30.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq32.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq36.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq38.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> Spyware.Cookie.2o7 : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq66.tmp -> Spyware.Cookie.Adviva : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq67.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq68.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq69.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6A.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq16.tmp -> Spyware.MyWebSearch : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq25.tmp -> Spyware.MyWebSearch : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq27.tmp -> Spyware.MyWebSearch : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq28.tmp -> Spyware.MyWebSearch : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq29.tmp -> Spyware.Wesbar : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppqD.tmp -> Spyware.Cookie.Advertising : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF.tmp -> Spyware.Cookie.Doubleclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2.tmp -> Spyware.Cookie.Adviva : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3.tmp -> Spyware.Cookie.Valueclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3A.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq3D.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> TrojanDropper.Delf.ev : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8.tmp -> Spyware.Cookie.Gator : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9.tmp -> Spyware.Cookie.Fastclick : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppqA.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2C.tmp -> Spyware.Cookie.Mediaplex : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2D.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup


----------



## lloyd

*last but least 7*

C:\Program Files\Yahoo!\YPSR\Quarantine\ppq2E.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq40.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq41.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq42.tmp -> Spyware.Cookie.Targetnet : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq43.tmp -> TrojanDownloader.Rameh.c : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\20041220174655.zip/WINDOWS/system32/ATPartners.dll -> TrojanDownloader.Rameh.c : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4D.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4E.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq420.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq50.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq55.tmp -> Spyware.Cookie.Paypopup : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq5D.tmp -> Spyware.Cookie.Bluestreak : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF0.tmp -> Spyware.Cookie.Revenue : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq62.tmp -> Spyware.Cookie.Spylog : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6C.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> Spyware.Cookie.Sextracker : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6E.tmp -> Spyware.Cookie.Coremetrics : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6F.tmp -> Spyware.Cookie.Qksrv : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq70.tmp -> Spyware.Cookie.Tribalfusion : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq75.tmp -> Spyware.Cookie.Atdmt : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq76.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> Adware.SaveNow : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp -> Spyware.Cookie.Adtech : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7D.tmp -> Spyware.Cookie.Bfast : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq83.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq84.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq85.tmp -> Spyware.Cookie.Hitbox : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq87.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq89.tmp -> Spyware.Cookie.247realmedia : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8B.tmp -> Spyware.Cookie.Falkag : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8C.tmp -> Spyware.Cookie.Centrport : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq8E.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq92.tmp -> Spyware.Cookie.Trafficmp : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq96.tmp -> Spyware.Cookie.Hitslink : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq97.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq98.tmp -> Spyware.Cookie.Tradedoubler : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq99.tmp -> Spyware.Cookie.Webtrendslive : Cleaned with backup
	C:\Program Files\Yahoo!\YPSR\Quarantine\ppq9A.tmp -> Spyware.Cookie.Adserver : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP182\A0201006.exe -> Adware.SaveNow : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP186\A0205336.dll -> TrojanSpy.Perfectkeylogger.Ad : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP187\A0209606.dll -> TrojanSpy.Perfectkeylogger.Ad : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP190\A0233570.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP195\A0248364.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP195\A0248373.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP197\A0251583.DLL -> Spyware.Hijacker.Generic : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP200\A0263732.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP200\A0263756.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP200\A0263842.DLL -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP202\A0272177.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP202\A0272190.dll -> TrojanSpy.Delf.fk : Cleaned with backup
	C:\System Volume Information\_restore{5E98F68A-5D11-44AB-A2D5-D00686D28292}\RP207\A0279627.dll -> TrojanSpy.Delf.fk : Cleaned with backup


::Report End


----------



## lloyd

theres a challenge for ya!!! make sense out of that!! lol


----------



## Buzz1927

lloyd, is this your's or your mate's? don't post another Ewido report, it's far too long. I was expecting something shorter.


----------



## Buzz1927

Alright, let's deal with this first (before your mates)

Run Hijackthis and check these lines (remove anything to do with supanet if you know what it is).

*
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tesco.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = mirs Internet Explorer
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O16 - DPF: {11111111-1111-1111-1111-111191113457} - file://c:\ied_s7.cab
O16 - DPF: {11111111-1111-1111-1111-511111193457} - file://c:\x.cab
O16 - DPF: {11111111-1111-1111-1111-511111193458} - file://c:\x.cab
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - (no file)*

Close all windows, apart from hijackthis, and hit "fix checked".

Then find and delete these folders\files, if they still exist.


C:\Program Files\*PartyPoker*
c:\*ied_s7.cab*
c:\*x.cab*

Then reboot and post a new Hijackthis log.


----------



## lloyd

ok sorry. this is my one... i dont even want to begin to see what my mates is like.. he has 2436 infections now...


----------



## Buzz1927

Just post the Hijackthis log from their comp.


----------



## lloyd

supanet is my email provider thing... so you want me to check these lines with a tick..and click fix..apart from supanet?


----------



## Buzz1927

Yes, then delete the folder\files.


----------



## lloyd

*hijack this 2*

Logfile of HijackThis v1.99.1
Scan saved at 23:47:25, on 26/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\YAHOO!\browser\ycommon.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102807997265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


----------



## lloyd

think i have done... tell me if i have missed anything out :-D


----------



## lloyd

2900 on me mates now, and still rising


----------



## lloyd

3000, 93.6%, scan been running for 217 minutes


----------



## Buzz1927

I'm amazed your mate's comp even started up. You missed these from the hijackthis log. Make sure all windows are closed, and you're off-line, before hitting "fix checked".


*R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cus...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../search/ie.html*


----------



## lloyd

Logfile of HijackThis v1.99.1
Scan saved at 00:00:41, on 27/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.supanet.com/search/iepanel/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.supanet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.supanet.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.supanet.com/
O15 - Trusted Zone: http://register-tesco.qa.business.ntl.com
O15 - Trusted Zone: http://memberservices.tesco.net
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1102807997265
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab31267.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Net MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\Net MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


----------



## lloyd

i havnt a clue how it started up either..its been on  93.6% for about half hour now, and the number is still rising... 3179 ....226 minutes


----------



## Buzz1927

Your's is fine, you can check the 016's if you like, just activeX controls, I can't wait to see your mate's log! (if it ever finishes, of course).


----------



## lloyd

lol. good good. its on 3267 now. i think i know why it has been running slow :-/  what shall i do when it  has finished? hijack this? shall i run the hijack this in safe mode agen?


----------



## lloyd

hell!! NOW REACHED 93.7%!!!!


----------



## lloyd

have you ever heard of so many viruses and spywear on one machine? i doubt he has scanned it once since he has had it...idiot


----------



## lloyd

3500...


----------



## lloyd

3550 finished.....now cleaning! lmao


----------



## Buzz1927

Boot back to normal mode and scan with Hijackthis, then post the log.


----------



## lloyd

will do...its going to take years to delete all the items though!!


----------



## lloyd

i will be posting my mates hijack this shortly...


----------



## lloyd

*hijack log for me mates laptop 1*

Logfile of HijackThis v1.99.1
Scan saved at 13:08:09, on 27/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\1XConfig.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\WINDOWS\System32\pctspk.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Messenger Plus! 3\MsgPlus.exe
C:\Program Files\CSBB\CSV7P26.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\BT Broadband Basic Help\bin\mpbtn.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\NAVW32.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eqjodnftcjcr.biz/T6uLOkYkTm0D/8dNQHJJ3dZ_kT79r_ttBlaWsuL1NCxUqlS2DTtUTF42giWeByoW.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {01510CDC-B6EA-A8D1-D316-AE91F33D01C4} - C:\WINDOWS\system32\apisi32.dll (file missing)
O2 - BHO: Class - {05DBFB5A-148E-655D-A543-649DA7D51173} - C:\WINDOWS\system32\mfctc32.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09207CE5-BD48-226E-8BA1-3964BEC3C523} - C:\WINDOWS\addxv32.dll
O2 - BHO: Class - {0B3FE940-D86C-B10F-DEFD-0E10D5772B03} - C:\WINDOWS\iefp32.dll (file missing)
O2 - BHO: Class - {0B7B18D7-624E-9D9C-3AED-4D4B39ABCCFF} - C:\WINDOWS\system32\syswc32.dll
O2 - BHO: Class - {0C486A9A-90AE-95F6-758D-9AE8676B4FF7} - C:\WINDOWS\system32\sdkot.dll
O2 - BHO: Class - {0E4410E4-DBFC-BF74-0B0F-49FF5146F909} - (no file)
O2 - BHO: Class - {10DFCB85-44EE-6B1E-BDAB-F01C14A7E2CE} - C:\WINDOWS\system32\apptg32.dll (file missing)
O2 - BHO: Class - {124FAA2B-986B-4226-EDE4-73956513EB6C} - C:\WINDOWS\system32\apptn32.dll
O2 - BHO: Class - {13FE7B61-AB76-464D-D4B1-1EE42B5C7715} - C:\WINDOWS\addum32.dll
O2 - BHO: Class - {146EB80D-0123-B9DC-CB78-2D30A8F5FDC5} - C:\WINDOWS\sdkxc.dll
O2 - BHO: Class - {16EDE131-1569-4CCA-0622-342572B25462} - C:\WINDOWS\system32\crzo.dll
O2 - BHO: Class - {18D3D8C4-FB37-E093-FEDC-3D0FEF307C2D} - C:\WINDOWS\system32\wingk32.dll (file missing)
O2 - BHO: Class - {19B3FEAA-8469-F427-3872-DB341DF3BC16} - C:\WINDOWS\atlob32.dll
O2 - BHO: Class - {1B7868F3-747F-F324-23F0-1A3EC3D2C170} - C:\WINDOWS\sysrf32.dll (file missing)
O2 - BHO: Class - {1C3C5B84-B649-2147-152A-4004E9FCB938} - (no file)
O2 - BHO: Class - {1D200653-3395-8F3E-CE6F-90DFC9291C6B} - (no file)
O2 - BHO: Class - {1E8733D0-8E0C-7E44-8C89-9F7518EC0CF0} - C:\WINDOWS\system32\sdkng32.dll (file missing)
O2 - BHO: Class - {1F246984-4C70-58A7-8F52-49079121EF47} - C:\WINDOWS\system32\ield32.dll (file missing)
O2 - BHO: Class - {1F77B61D-BE6B-566C-C734-47786D31C70C} - C:\WINDOWS\system32\apieb32.dll
O2 - BHO: Class - {204BFD00-8711-E685-9059-B543F47899E1} - C:\WINDOWS\system32\d3up32.dll
O2 - BHO: Class - {20FA44E2-4117-97B3-21C4-ABFD27838805} - C:\WINDOWS\atlwu32.dll (file missing)
O2 - BHO: Class - {232A78D5-31A4-4CAC-CDA6-16A201F3FDD0} - C:\WINDOWS\ipol32.dll
O2 - BHO: Class - {241F4AD4-BEDA-EE12-A99D-3A6CB9B33A5F} - C:\WINDOWS\system32\msnw32.dll
O2 - BHO: Class - {251F1678-C6A5-89D9-D60F-44823539572A} - C:\WINDOWS\javadg.dll (file missing)
O2 - BHO: Class - {25BCEAC9-47B6-ABCD-B004-C98A4B8683E8} - C:\WINDOWS\sdkyh32.dll
O2 - BHO: Class - {26A0B324-E4D4-A257-7964-D0D492A800DD} - C:\WINDOWS\system32\netbw.dll
O2 - BHO: Class - {27E1325A-4288-1A73-79FB-785DCF6C8EAB} - C:\WINDOWS\system32\d3bn.dll (file missing)
O2 - BHO: Class - {2874EF24-5B4A-FBCC-AAF3-41C5D6A1522B} - C:\WINDOWS\system32\ntso32.dll (file missing)
O2 - BHO: Class - {295E94EF-17FD-F524-DCBC-A03A2D5699EB} - C:\WINDOWS\apizk.dll
O2 - BHO: Class - {2ABA8EC8-43E6-7C24-9568-068569082C70} - C:\WINDOWS\system32\javafk.dll (file missing)
O2 - BHO: Class - {2B029CDC-2036-DEE4-CB48-B938F68F9C92} - C:\WINDOWS\atlrl.dll (file missing)
O2 - BHO: Class - {2BAB9DCF-AB6E-FD19-25BB-4FA3012F78E1} - C:\WINDOWS\system32\appwi.dll (file missing)
O2 - BHO: Class - {2CC0ABDB-DFA2-1611-30E4-69D3C2CBA817} - C:\WINDOWS\ipbc.dll
O2 - BHO: Class - {2D9CF55D-3A44-BD17-DD51-0CEABAFAA417} - C:\WINDOWS\system32\ipck32.dll
O2 - BHO: Class - {2E5DB345-70C0-FF98-D20F-C69A65169900} - C:\WINDOWS\system32\mfcmy32.dll
O2 - BHO: Class - {309B0370-9499-BD83-5B63-522A8DC7EFD4} - C:\WINDOWS\system32\ntoy.dll
O2 - BHO: Class - {3152E410-3368-7E44-2FCD-F5704D0FF9BE} - (no file)
O2 - BHO: Class - {3233BB7C-36A8-174F-E368-2B49E6729088} - C:\WINDOWS\sdkkr32.dll
O2 - BHO: Class - {331CBE5C-B830-B9E3-563F-ED29D8540207} - C:\WINDOWS\crhf32.dll (file missing)
O2 - BHO: Class - {3500DC94-C0FD-7A59-32CD-06861C388D23} - C:\WINDOWS\crdy.dll
O2 - BHO: Class - {366B2B49-46A5-CC46-2F98-6DD344CC10DF} - C:\WINDOWS\ieyh.dll
O2 - BHO: Class - {372C3DC8-16B4-F566-1386-258500A8957F} - (no file)
O2 - BHO: Class - {3834AA13-4038-9320-1E93-D1D572E3A1CA} - C:\WINDOWS\system32\appqg.dll (file missing)
O2 - BHO: Class - {3933A2D4-313C-CB82-3FF9-E9660D4850AF} - (no file)
O2 - BHO: Class - {3A1BDA7E-F499-48DE-E72D-92C016F9B8A9} - C:\WINDOWS\netsu32.dll
O2 - BHO: Class - {3B821BB1-33C7-877C-CF3F-E5E87BDB1C5A} - C:\WINDOWS\system32\atlnw32.dll
O2 - BHO: Class - {3C429116-BB93-5F0C-88F2-42257E2E113A} - C:\WINDOWS\neths.dll
O2 - BHO: Class - {3DA49083-A3C3-AC46-BD0D-4824F9B1C99D} - C:\WINDOWS\apilm.dll (file missing)


----------



## lloyd

*2*

O2 - BHO: Class - {3E600AC1-5623-6042-155E-F0B4CAD07FE9} - C:\WINDOWS\system32\crcu32.dll
O2 - BHO: Class - {3EB510B6-951F-3179-585D-DFB2CF7A044C} - (no file)
O2 - BHO: Class - {3FC5F00B-0204-AD29-6D02-6C41C7707FDF} - C:\WINDOWS\system32\atlpi32.dll (file missing)
O2 - BHO: Class - {4092872E-029D-8EC3-D004-5DCC7366A828} - C:\WINDOWS\system32\ipxu.dll (file missing)
O2 - BHO: Class - {41EC47A7-58EC-65FA-71E8-99027BAC7F2B} - C:\WINDOWS\system32\sysag32.dll (file missing)
O2 - BHO: Class - {42A8EAAD-CADF-3ADC-AA19-09B37343138C} - (no file)
O2 - BHO: Class - {43394E3B-594F-6045-2791-CA03BE086EAA} - C:\WINDOWS\system32\apipw32.dll
O2 - BHO: Class - {447A2315-B483-39AC-FEB8-AB86EF0FF3D8} - C:\WINDOWS\iegg32.dll
O2 - BHO: Class - {45FD291D-6DF4-0FF8-449D-50F02AEF25DD} - C:\WINDOWS\addam32.dll (file missing)
O2 - BHO: Class - {46D4CC4E-BCF6-41DB-455D-02D62640627A} - C:\WINDOWS\system32\appqh32.dll
O2 - BHO: Class - {47EA1720-78C9-292F-1E61-12875D376490} - C:\WINDOWS\system32\winyg32.dll
O2 - BHO: Class - {49792A75-5972-4ABC-2D57-7AF58F732F2A} - (no file)
O2 - BHO: Class - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - C:\WINDOWS\system32\sdkaq.dll (file missing)
O2 - BHO: Class - {4ABDA81E-FE91-C427-42B6-27837FF8EAF3} - C:\WINDOWS\system32\apiyd.dll
O2 - BHO: Class - {4BEC144C-BF69-2AED-70B9-47847DC8F765} - C:\WINDOWS\apitj.dll
O2 - BHO: (no name) - {4CB9FE89-C678-F47B-2F95-B7988A0FC10D} - (no file)
O2 - BHO: Class - {4CEBAA3A-44D2-D30D-92A7-62004F8D1F39} - C:\WINDOWS\mshf32.dll
O2 - BHO: Class - {4D6349C9-DB1F-F1BC-CA27-1B9D604C7F02} - C:\WINDOWS\ipac32.dll (file missing)
O2 - BHO: Class - {4E0B788A-64A7-A3AD-9CE7-5AB847C4197B} - C:\WINDOWS\system32\sdkpa.dll (file missing)
O2 - BHO: Class - {4EAAF6E2-F1CB-E7F1-EBAA-50DD78D3DCEB} - C:\WINDOWS\system32\javaiy32.dll
O2 - BHO: Class - {4EFD2819-1BB4-0DA7-B792-88C50B1A0056} - C:\WINDOWS\system32\netxp.dll (file missing)
O2 - BHO: Class - {4FA500AA-6D17-65FB-338B-0E37CC3C72DE} - C:\WINDOWS\system32\netwx.dll
O2 - BHO: Class - {5022D84C-7E63-46D2-7871-DE7A933DED9A} - C:\WINDOWS\system32\ieqp.dll (file missing)
O2 - BHO: Class - {50B87587-292A-F4E0-8D58-EE628A68239B} - C:\WINDOWS\system32\mfcrz.dll (file missing)
O2 - BHO: Class - {51219589-FE9D-A7E2-3F0C-070910E5C08A} - C:\WINDOWS\system32\winxv.dll
O2 - BHO: Class - {51751739-CAF1-E684-719C-4B1197FD588C} - C:\WINDOWS\apieh32.dll
O2 - BHO: Class - {52FB366B-D4FB-897C-7B31-EF1BC95AE927} - C:\WINDOWS\javash.dll (file missing)
O2 - BHO: Class - {5389907B-5AA0-FD40-FFCD-B654F6817EFA} - C:\WINDOWS\system32\mfcdw.dll
O2 - BHO: Class - {541BE5FF-AB13-4D26-CB9D-C13BD6A1491E} - C:\WINDOWS\system32\appfv32.dll (file missing)
O2 - BHO: Class - {54625A3D-4D89-AADF-4CB6-9B33C5B983F4} - C:\WINDOWS\system32\javarc.dll
O2 - BHO: Class - {55AC4EE7-4B4F-A677-88EE-C19AD29C7B4D} - C:\WINDOWS\system32\iegs32.dll
O2 - BHO: Class - {55FF138B-75CF-C09E-5E79-49F7277CDB38} - C:\WINDOWS\winim32.dll (file missing)
O2 - BHO: Class - {5677AB6A-2934-E737-F233-AF849B02D48F} - C:\WINDOWS\ipus.dll (file missing)
O2 - BHO: Class - {57144AA3-0FE9-EE66-80BF-16B036B04F47} - C:\WINDOWS\ieop32.dll (file missing)
O2 - BHO: Class - {57E092D9-D78D-97B1-8BE6-594F8C707DE0} - C:\WINDOWS\netnw.dll
O2 - BHO: Class - {5846232C-DAB1-2538-1DC5-1F5122BAEDA5} - C:\WINDOWS\system32\syspj32.dll (file missing)
O2 - BHO: Class - {58BE2EE0-27B6-C905-F9B4-65D8FE8B1DC9} - C:\WINDOWS\addmz.dll
O2 - BHO: Class - {58D62BAA-D313-4513-41F0-A0F711964CDA} - C:\WINDOWS\system32\apprf.dll (file missing)
O2 - BHO: Class - {5963141A-2623-5A16-4284-5845594CADCA} - C:\WINDOWS\system32\winrw32.dll (file missing)
O2 - BHO: Class - {5A2100BB-18C7-A455-1509-80EFAF18A13B} - C:\WINDOWS\ipgt.dll (file missing)
O2 - BHO: Class - {5ADBC662-7902-CAC4-D18A-CD699FB2A6CD} - C:\WINDOWS\system32\apiwf32.dll
O2 - BHO: Class - {5B608D3F-ABAC-DD59-87F8-B4D199FA3D0E} - C:\WINDOWS\system32\sdkvw32.dll
O2 - BHO: Class - {5BC00C48-AFF4-1B9A-7346-97AEAEE9627E} - C:\WINDOWS\mfclt32.dll (file missing)
O2 - BHO: Class - {5C2E18F0-2AB9-3C5E-B1E9-BD7910F26E87} - C:\WINDOWS\addra32.dll (file missing)
O2 - BHO: Class - {5C772FB3-343E-2D8E-AD06-101478BB1F4D} - C:\WINDOWS\system32\ntto.dll
O2 - BHO: Class - {5D2B941B-D55B-519B-85FE-DBFDF91762AF} - C:\WINDOWS\apixh32.dll (file missing)
O2 - BHO: Class - {5DE0DA98-DFC9-EB4A-8C86-8F46A5116CA0} - C:\WINDOWS\ipaj32.dll
O2 - BHO: Class - {5E6907AD-4057-5842-8288-F1EFF0E72AA1} - C:\WINDOWS\system32\ntsm.dll (file missing)
O2 - BHO: Class - {5F180D9D-9458-3702-9EB3-84B7CCFF9CC5} - C:\WINDOWS\apiwf.dll
O2 - BHO: Class - {5F56761A-21EA-97B6-474D-E9630FC57B28} - C:\WINDOWS\system32\addhf32.dll
O2 - BHO: Class - {5FFCDEE9-901B-22A9-1E8A-80C150D6A16B} - C:\WINDOWS\system32\netab.dll
O2 - BHO: Class - {605BB929-10FB-81EB-196F-7822E1EA2567} - C:\WINDOWS\ipvo32.dll
O2 - BHO: Class - {611BC1A6-C732-89BE-88E7-13D4CBB3E737} - C:\WINDOWS\ieru32.dll
O2 - BHO: Class - {61C65389-9A99-E0F0-7E64-C35B49DA6455} - C:\WINDOWS\d3sa32.dll
O2 - BHO: Class - {6248255C-2322-395B-0A66-A5455141BD55} - C:\WINDOWS\system32\sdkfe32.dll
O2 - BHO: Class - {62910A98-42B2-6909-C3C6-DA66D904D5FE} - C:\WINDOWS\ipcg32.dll
O2 - BHO: Class - {633F43F5-CEB7-955A-3D24-30AF77FF418F} - C:\WINDOWS\system32\addvp.dll (file missing)
O2 - BHO: Class - {63E988EA-B1A2-6EB4-88EE-55949C150872} - C:\WINDOWS\system32\mfcuy.dll (file missing)
O2 - BHO: Class - {644AA0C3-4FD2-7790-DA9A-C586AB07E429} - C:\WINDOWS\crwi.dll
O2 - BHO: Class - {64A70346-6FA4-EA8B-7DD1-5A4B17FBDA8B} - C:\WINDOWS\ipvi32.dll
O2 - BHO: Class - {64E5E8FA-69A1-48F4-8963-F00907CAAF17} - C:\WINDOWS\system32\ntwp.dll (file missing)
O2 - BHO: Class - {655B57FC-F511-E626-4D9C-B315180CF3AA} - C:\WINDOWS\system32\sdklm32.dll
O2 - BHO: Class - {65E6A8E0-A67C-0CE3-B885-D53EA9292B40} - C:\WINDOWS\javaec.dll
O2 - BHO: Class - {66A15FEE-5E94-86FB-0CE6-EC4939529CDA} - C:\WINDOWS\msvb.dll (file missing)
O2 - BHO: Class - {66EE64B4-816A-C2A8-1639-AB8F0F258A12} - C:\WINDOWS\ipaq32.dll (file missing)
O2 - BHO: Class - {677CE132-C5E8-235B-2CEB-FBDAA2BD1708} - C:\WINDOWS\sdkys.dll (file missing)
O2 - BHO: Class - {6813A243-6455-01F2-5ABA-4D5390F9C114} - C:\WINDOWS\ipjy.dll (file missing)
O2 - BHO: Class - {686BD755-AEF3-AAE3-3C6B-59594F796234} - C:\WINDOWS\javadn32.dll
O2 - BHO: Class - {699D99C8-B4D7-0851-F1CD-FBF8A3163BC0} - C:\WINDOWS\atlzs32.dll (file missing)
O2 - BHO: Class - {69DCBAC8-9290-CC20-9EE6-CC486DABBD24} - C:\WINDOWS\winsw.dll (file missing)
O2 - BHO: Class - {6A68C13B-80CB-8A2B-E2B7-DD786A9B3F26} - C:\WINDOWS\system32\ntxl.dll
O2 - BHO: Class - {6B100404-4F9A-E142-E0A7-930DC8A6A6C8} - C:\WINDOWS\system32\javaan.dll (file missing)
O2 - BHO: Class - {6BD0D85F-3F49-C5B5-B4EC-53AF9CC33651} - C:\WINDOWS\system32\iejc.dll (file missing)
O2 - BHO: Class - {6C7FF605-A242-47BA-6F53-DF6E15E38036} - C:\WINDOWS\system32\apibm.dll (file missing)
O2 - BHO: Class - {6CC73679-13D2-C8CA-BC0E-B1ECFD1DE3A0} - C:\WINDOWS\system32\d3if32.dll
O2 - BHO: Class - {6D300628-EE43-722F-B0FB-28A73151168F} - C:\WINDOWS\msrn32.dll (file missing)
O2 - BHO: Class - {6D6FE22D-CBFD-2FEC-7ABF-690B77B35213} - C:\WINDOWS\system32\sdkxp32.dll (file missing)
O2 - BHO: Class - {6E3AF2EF-A419-9AA0-E8E3-F77B92FEF007} - C:\WINDOWS\sdkuu.dll
O2 - BHO: Class - {6EFA1A5C-5C50-9372-566B-822D6BC8B2D7} - C:\WINDOWS\system32\sdkrp32.dll (file missing)
O2 - BHO: Class - {6F75ABBF-6008-EDA7-8453-2ADF8601ADFA} - C:\WINDOWS\msnn32.dll
O2 - BHO: Class - {6F99DB7E-CFDF-18F9-0B84-6D52A771173C} - C:\WINDOWS\system32\sdkku32.dll


----------



## lloyd

*3*

O2 - BHO: Class - {6FCBBEF2-5ADB-ECE5-F01E-7664EE3BE486} - C:\WINDOWS\system32\iegu32.dll
O2 - BHO: Class - {7088E183-99D9-0B62-5F0D-9852B624FA9A} - C:\WINDOWS\system32\appmp32.dll (file missing)
O2 - BHO: Class - {7115B539-BB04-24CC-2B23-6827E7FC740F} - C:\WINDOWS\system32\ntgu32.dll (file missing)
O2 - BHO: Class - {717655E5-CA0C-9A70-2FAE-BBF47B27C2B1} - C:\WINDOWS\system32\sdkkz32.dll
O2 - BHO: Class - {729087AF-F985-6D35-58ED-1A52E73988DF} - C:\WINDOWS\ipuf.dll
O2 - BHO: Class - {72FE18E8-B012-C0A9-479F-4819B8B2A986} - C:\WINDOWS\system32\mfcom32.dll (file missing)
O2 - BHO: Class - {736D7AF8-767A-4C93-2FD5-4BEE4128A750} - C:\WINDOWS\atlnp.dll
O2 - BHO: Class - {741EFF45-56BE-9629-68EB-F349FC91F792} - C:\WINDOWS\mscl.dll
O2 - BHO: Class - {74D49E20-C013-4035-3457-1B073899BF8D} - C:\WINDOWS\winov32.dll
O2 - BHO: Class - {74D60CD1-AA3F-057F-D848-08A830D6AFEA} - C:\WINDOWS\system32\apigm.dll (file missing)
O2 - BHO: Class - {75895338-95C6-E212-8F56-E4EABE6726D1} - C:\WINDOWS\appwc.dll
O2 - BHO: Class - {75AC68C4-FC8D-B1AF-D11A-72FC70708CDE} - C:\WINDOWS\apizu.dll (file missing)
O2 - BHO: Class - {75FF0CF0-2B28-1964-55E8-CDEF044A53AC} - C:\WINDOWS\system32\ipyf32.dll
O2 - BHO: Class - {7675940E-2E8F-CC66-3F3E-33734232EC19} - C:\WINDOWS\system32\ieaq32.dll
O2 - BHO: Class - {77915096-204D-E2F0-F041-8CEDC66033AE} - C:\WINDOWS\system32\javafd32.dll
O2 - BHO: Class - {77DE3DE9-668B-F005-7EA0-971450AEA232} - C:\WINDOWS\mfcnw.dll
O2 - BHO: Class - {7866CB83-C0A9-72B3-9ABA-9ABA70AF90AC} - C:\WINDOWS\system32\crgu32.dll (file missing)
O2 - BHO: Class - {78AE3114-5E95-5F1D-3F6C-1C58A84B045A} - C:\WINDOWS\system32\d3ly.dll
O2 - BHO: Class - {79207B8A-3F1B-92FC-C375-8424B3F02FCC} - C:\WINDOWS\system32\iemv.dll
O2 - BHO: Class - {795C4F6D-8709-7CDE-2594-4B088D22936D} - C:\WINDOWS\sdkxd32.dll
O2 - BHO: Class - {7A23E735-EC07-BB26-5CF0-DCDEBB6EADC9} - C:\WINDOWS\sdktv.dll
O2 - BHO: Class - {7A97B913-C0A6-6EAC-43F1-2AC5E32BFB43} - C:\WINDOWS\system32\appyo.dll (file missing)
O2 - BHO: Class - {7AE91C6C-1479-7396-1F9A-7C366C654869} - C:\WINDOWS\system32\crcv32.dll
O2 - BHO: Class - {7B4A1389-49FB-707C-A673-D7AF81767AD4} - C:\WINDOWS\crqk32.dll (file missing)
O2 - BHO: Class - {7B90593A-D195-5D99-A455-BB257F00B873} - C:\WINDOWS\apprq.dll
O2 - BHO: Class - {7C25DF9E-175A-AEBC-1715-65139942B8A6} - C:\WINDOWS\msmq.dll
O2 - BHO: Class - {7CF63507-F787-DEDD-FF68-BDC0D8517426} - C:\WINDOWS\winbj32.dll
O2 - BHO: Class - {7DB27A26-99E5-D3F2-DE5E-69D6A77FC596} - C:\WINDOWS\ntfx.dll
O2 - BHO: Class - {7E35BA92-B311-70A1-8E0E-EE430F0CC372} - C:\WINDOWS\netdu.dll
O2 - BHO: Class - {7E72F987-8787-B062-BD3E-899CF7791E40} - C:\WINDOWS\crop.dll
O2 - BHO: Class - {7FCAD8DF-0B29-F72D-3A4A-26C69B0EE416} - C:\WINDOWS\mfczc.dll
O2 - BHO: Class - {800C1200-B10E-2CB9-B905-F544E4536BF6} - C:\WINDOWS\adduf.dll
O2 - BHO: Class - {80C24F71-4497-B288-8A8F-E71543C5213D} - C:\WINDOWS\system32\winwl32.dll
O2 - BHO: Class - {80FC6A39-9FBC-F551-7089-66CE61A24984} - C:\WINDOWS\system32\javaxd.dll
O2 - BHO: Class - {81DE9EF1-9091-D3E5-B58C-E083B9CEB6D3} - C:\WINDOWS\system32\mfcmk32.dll (file missing)
O2 - BHO: Class - {826F3DF9-32CF-FB2E-FB27-EC6CB89A5DFD} - C:\WINDOWS\d3iw.dll (file missing)
O2 - BHO: Class - {82EDCDC8-3679-E5AB-AE96-5016FD6F4A9B} - C:\WINDOWS\msro.dll (file missing)
O2 - BHO: Class - {83B938F6-F9C9-99A7-F5D7-08A5CE8EF0D7} - C:\WINDOWS\system32\ntpi32.dll (file missing)
O2 - BHO: Class - {8430846B-8A81-CE71-E16C-22A97EFCBE41} - C:\WINDOWS\system32\d3fu.dll
O2 - BHO: Class - {84850937-9A02-7E55-8FA6-C522AD1E86A5} - C:\WINDOWS\system32\ntmi32.dll (file missing)
O2 - BHO: Class - {8512441F-E8F7-35DA-C3F7-AAEAC5DA7FA2} - C:\WINDOWS\sdkws32.dll (file missing)
O2 - BHO: Class - {8553EC21-E7DD-9602-7F1B-4E44B156B5BD} - C:\WINDOWS\atlps32.dll
O2 - BHO: Class - {85F30D49-60FD-6D87-DB29-3C75DD93BD56} - C:\WINDOWS\apigs32.dll (file missing)
O2 - BHO: Class - {86A0C09D-1B74-868D-C89A-093479621C99} - C:\WINDOWS\system32\javahr.dll
O2 - BHO: Class - {86F9CA92-6BF9-92E4-B567-27CFF8042AAE} - C:\WINDOWS\system32\atlhn32.dll
O2 - BHO: Class - {87842630-AA24-E369-2329-D8F2628A7285} - C:\WINDOWS\system32\d3cl.dll
O2 - BHO: Class - {880F983D-363A-04D6-EC3B-7F1C8EF532CD} - C:\WINDOWS\system32\atltt.dll (file missing)
O2 - BHO: Class - {88A0C6A3-6B41-0962-6006-EAC41DA2ED9E} - C:\WINDOWS\system32\javauy32.dll (file missing)
O2 - BHO: Class - {89557F0D-75F4-B477-BCB5-8EB6C949C240} - C:\WINDOWS\sdkit.dll (file missing)
O2 - BHO: Class - {8A092A41-60B0-B261-C8EB-6AA2367704DA} - C:\WINDOWS\system32\addnt.dll
O2 - BHO: Class - {8A52123E-D46A-B318-588E-033C3ABA8A3B} - C:\WINDOWS\atlsp32.dll
O2 - BHO: Class - {8B11A8F2-7C5F-436A-07E5-29E3A4B58F85} - C:\WINDOWS\iekq.dll
O2 - BHO: Class - {8BD0FF9B-9B7E-0F04-16C4-8198CD27EA1A} - C:\WINDOWS\mfccc.dll (file missing)
O2 - BHO: Class - {8C515E10-8EE5-F0DB-2428-05DEDBCC6A67} - C:\WINDOWS\system32\mfcbl.dll
O2 - BHO: Class - {8C8EAD04-425B-319C-5458-9026C339B635} - C:\WINDOWS\system32\ipsf.dll (file missing)
O2 - BHO: Class - {8D169E2E-8319-8F6C-013A-36574F8EC46F} - C:\WINDOWS\appnn32.dll
O2 - BHO: Class - {8D55C478-729E-7713-EE3C-56A6BA3A3DD4} - C:\WINDOWS\msde32.dll
O2 - BHO: Class - {8E0CFF9A-9D92-AC99-FA0C-7E94D6A0CF0D} - C:\WINDOWS\iepa32.dll (file missing)
O2 - BHO: Class - {8E97E342-2F8F-9814-A393-F31425698173} - C:\WINDOWS\system32\javadm.dll (file missing)
O2 - BHO: Class - {8EC20AF2-546E-27B7-7D6C-EB64CBB4FC91} - C:\WINDOWS\system32\sdkqe.dll
O2 - BHO: Class - {8F0E4042-38CC-AD8C-9AF5-7B4D537388D4} - C:\WINDOWS\apiil.dll (file missing)
O2 - BHO: Class - {8F4D9153-405E-509F-26EF-6506F2EB23E5} - C:\WINDOWS\iejm.dll
O2 - BHO: Class - {8F990BB6-92DA-5618-847A-5DD4057B1ECE} - C:\WINDOWS\system32\mssl.dll (file missing)
O2 - BHO: Class - {90706F45-D241-085D-C3F4-2CA0366EF00C} - C:\WINDOWS\system32\ipse.dll (file missing)
O2 - BHO: Class - {910D4451-D597-05F5-D318-00556258E9E2} - C:\WINDOWS\system32\ipdm.dll (file missing)
O2 - BHO: Class - {91D01F79-7707-C904-CAF5-2795B792E2FE} - C:\WINDOWS\system32\ipoe.dll
O2 - BHO: Class - {9286C8D3-72AA-8519-16A4-CB885339B791} - C:\WINDOWS\d3sc.dll
O2 - BHO: Class - {92D83A26-147B-6F87-83E4-B271371785C1} - C:\WINDOWS\appjl32.dll (file missing)
O2 - BHO: Class - {93587622-0E15-2933-A432-4FC8AFF51981} - C:\WINDOWS\iema32.dll
O2 - BHO: Class - {94CAE5BF-5AF5-9CF0-41E8-0C3C76C0D550} - C:\WINDOWS\ieqi.dll (file missing)
O2 - BHO: Class - {9585DCDF-2CF7-044C-850B-2CC0DBFD6F96} - C:\WINDOWS\ntil32.dll
O2 - BHO: Class - {95BAC7DA-0DDB-6F51-2538-D3418AE96254} - C:\WINDOWS\sysgh32.dll
O2 - BHO: Class - {96539909-96EA-25C3-E2A9-52D232FB283C} - C:\WINDOWS\winje32.dll (file missing)
O2 - BHO: Class - {97844521-9B02-5F4A-6832-B572D5720BB7} - C:\WINDOWS\system32\netip32.dll
O2 - BHO: Class - {97D855EA-1734-8802-A3F4-6568F257371E} - C:\WINDOWS\winhc32.dll
O2 - BHO: Class - {984794D2-F1D0-F94C-3C11-F33D006EAD35} - C:\WINDOWS\appcj.dll (file missing)
O2 - BHO: Class - {987B8229-55C1-631B-7094-093741C88E5A} - C:\WINDOWS\system32\atlmy.dll (file missing)


----------



## lloyd

*4*

O2 - BHO: Class - {990B604D-7FC6-4E0B-4697-C2038F4CCF1A} - C:\WINDOWS\system32\d3up.dll (file missing)
O2 - BHO: Class - {99FA4172-70BA-F5F0-EB8D-3E910E0ADD26} - C:\WINDOWS\appie.dll
O2 - BHO: Class - {9AD28319-99FD-872D-AADE-9A73546279FA} - C:\WINDOWS\system32\atlei.dll (file missing)
O2 - BHO: Class - {9B4C92B4-9D54-68D0-1895-BE29FEDCB788} - C:\WINDOWS\system32\atloz.dll (file missing)
O2 - BHO: Class - {9C207CFF-DF60-AB9F-5237-9572CDA6C7E7} - C:\WINDOWS\system32\d3co32.dll
O2 - BHO: Class - {9CE283E7-669A-45BB-4625-1B2CC10B8B40} - C:\WINDOWS\msav.dll
O2 - BHO: Class - {9D736A07-0685-258B-4345-87704D260FE9} - C:\WINDOWS\system32\crvh.dll (file missing)
O2 - BHO: Class - {9E08A150-C462-B2E6-159E-827B27D06558} - C:\WINDOWS\system32\ieus32.dll
O2 - BHO: Class - {9E1C2098-D595-F524-F176-D0102B012320} - C:\WINDOWS\system32\mfcwe32.dll
O2 - BHO: Class - {9E5D1F6C-E11C-5BA5-3020-D1F4A8B9D84A} - C:\WINDOWS\apprh.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Class - {9F9B79E1-F532-5E8C-F69D-255E72D25C72} - C:\WINDOWS\system32\msuq.dll (file missing)
O2 - BHO: Class - {9FEDBD7E-E147-4760-1763-7146013BFF5D} - C:\WINDOWS\ipuj32.dll
O2 - BHO: Class - {A0B5AE4D-89E5-F22A-060E-06256A646F77} - C:\WINDOWS\mfcia32.dll
O2 - BHO: Class - {A16C5E7C-DEC1-2CE6-F513-D788EF01513B} - C:\WINDOWS\system32\addse.dll (file missing)
O2 - BHO: Class - {A1C91D26-6BFE-9DA5-0C53-AC5009FD3DC6} - C:\WINDOWS\system32\apisf.dll
O2 - BHO: Class - {A228710E-2CE8-F8F6-81BD-7CC3A16C63D0} - C:\WINDOWS\system32\netjl.dll (file missing)
O2 - BHO: Class - {A2CA1BE2-4F84-321D-86EF-3B7600C2E334} - C:\WINDOWS\netit32.dll (file missing)
O2 - BHO: Class - {A35C3A46-8DF5-C51B-E965-4BD3DD00597D} - C:\WINDOWS\system32\d3in.dll (file missing)
O2 - BHO: Class - {A3C9575C-6232-25EB-4E03-7600B3EA3F21} - C:\WINDOWS\system32\netzd32.dll (file missing)
O2 - BHO: Class - {A42316A5-6C97-FB02-0F02-DACA0C0CF3AF} - C:\WINDOWS\ipon.dll
O2 - BHO: Class - {A5363EEA-80FF-2D9D-B95C-136303CBE2E5} - C:\WINDOWS\system32\ipkn.dll (file missing)
O2 - BHO: Class - {A5EC6E46-02A9-7AE8-E3A6-16A108479874} - C:\WINDOWS\system32\sysqx32.dll
O2 - BHO: Class - {A69B7D98-9DAC-21C6-7ADB-7FF21D28CEC1} - C:\WINDOWS\system32\addep.dll
O2 - BHO: Class - {A6BCE966-302E-BD8D-25BA-12F8C7148266} - C:\WINDOWS\crwb32.dll
O2 - BHO: Class - {A6EE5EA4-B010-5E88-FBC9-1960401C41ED} - C:\WINDOWS\system32\ntzc.dll
O2 - BHO: Class - {A7E07085-B57F-70F2-3F48-7C08795ADF50} - C:\WINDOWS\system32\addbj.dll
O2 - BHO: Class - {A826E7AC-6278-BB02-4F84-13BD767C5184} - C:\WINDOWS\system32\winpi.dll (file missing)
O2 - BHO: Class - {A8E0DBBC-21EA-6EB6-A240-BD1A1653D589} - C:\WINDOWS\addth.dll
O2 - BHO: Class - {A967AA18-10D5-977A-8493-7B3F21F3DE9E} - C:\WINDOWS\sysgg.dll (file missing)
O2 - BHO: Class - {A9DBFCDF-AFF2-11A7-49FB-BA932BD2618D} - C:\WINDOWS\sysvk.dll (file missing)
O2 - BHO: Class - {AA3DBC87-F177-8D58-138B-069152EFDEAC} - C:\WINDOWS\system32\sysot32.dll
O2 - BHO: Class - {AADB9ABD-0002-CBE6-1BE2-2AB853D25403} - C:\WINDOWS\system32\atlmy32.dll (file missing)
O2 - BHO: Class - {AB6BF02B-429E-5DB1-A63A-6E88F4899C0E} - C:\WINDOWS\apiea.dll
O2 - BHO: Class - {ABA7F993-DA7E-7B57-A8D0-A14855CCD81E} - C:\WINDOWS\d3ls.dll
O2 - BHO: Class - {ABE3C81B-11A0-3141-BC25-380D6ED755AE} - C:\WINDOWS\system32\adduc32.dll
O2 - BHO: Class - {AC0C5F01-CAF2-86A5-FE15-50D81D631A6C} - C:\WINDOWS\system32\apiko.dll (file missing)
O2 - BHO: Class - {AC426F98-029C-D066-D1F6-847B9E676227} - C:\WINDOWS\system32\ntwr32.dll (file missing)
O2 - BHO: Class - {AC736673-E2F7-004B-D854-EC50B36BEC22} - C:\WINDOWS\system32\wincn32.dll (file missing)
O2 - BHO: Class - {AC9C4885-7656-D10D-70A9-3D0592AAE898} - C:\WINDOWS\atltc32.dll (file missing)
O2 - BHO: Class - {AD057E36-3E90-9C24-A714-A8ADE460FBF9} - C:\WINDOWS\ntzx.dll
O2 - BHO: Class - {AD327E2E-D82F-9587-7D79-960A66983C17} - C:\WINDOWS\system32\ieqo32.dll (file missing)
O2 - BHO: Class - {ADEAA3B6-9276-09CD-04E3-6EF1F7854839} - C:\WINDOWS\system32\mshy32.dll (file missing)
O2 - BHO: Class - {AE70AF85-4DA6-A44A-2E08-1E621D2653CA} - C:\WINDOWS\d3yc.dll
O2 - BHO: Class - {AE963F47-BC89-BD0D-3AE9-19865D9B1BB7} - C:\WINDOWS\system32\ntrf.dll
O2 - BHO: Class - {AEB30B7B-D825-F742-3A3A-7AF27E5FF550} - C:\WINDOWS\crgb32.dll
O2 - BHO: Class - {AEE98A84-9A76-BE17-DF76-A88F982D2404} - C:\WINDOWS\system32\netrq32.dll (file missing)
O2 - BHO: Class - {AF1BEE74-B1D1-2FF6-8E8A-9A95AE6518FF} - C:\WINDOWS\syszw32.dll
O2 - BHO: Class - {AF446CAC-E397-2EF1-156B-CBC927A65116} - C:\WINDOWS\sysmd32.dll (file missing)
O2 - BHO: Class - {AF5089F1-B33A-D60F-B08A-801E89C146C5} - C:\WINDOWS\system32\syswa32.dll
O2 - BHO: Class - {AF7908C9-41F4-AEDD-0CE4-434907CE91DC} - C:\WINDOWS\sdkvp32.dll
O2 - BHO: Class - {B0124011-BABF-88C8-D4E3-2FC5A007CE75} - C:\WINDOWS\system32\mfcxn.dll
O2 - BHO: Class - {B043489C-6BF0-01EB-E5BD-CE306F545707} - C:\WINDOWS\system32\ieju.dll
O2 - BHO: Class - {B063BC09-3AC4-3E4E-F159-D6A0C2BEB593} - C:\WINDOWS\javamk32.dll
O2 - BHO: Class - {B0BAA0D3-B86E-A237-D6EA-D5428A8C6CBC} - C:\WINDOWS\adduh32.dll
O2 - BHO: Class - {B12565FA-5A0A-BC98-EAE6-0AF60649DD54} - C:\WINDOWS\atldr.dll (file missing)
O2 - BHO: Class - {B18D58F4-33B6-E44B-3E36-2A99366EE1F3} - C:\WINDOWS\system32\ielg.dll
O2 - BHO: Class - {B1E7A707-24E5-6544-421B-A738C2B36E3A} - C:\WINDOWS\system32\ipkp.dll (file missing)
O2 - BHO: Class - {B24C88EC-60FC-99C0-BA5F-3F3DA397E615} - C:\WINDOWS\winhc.dll
O2 - BHO: Class - {B2783BA6-EC2F-89E2-CF53-7102F27AC213} - C:\WINDOWS\system32\nteu32.dll
O2 - BHO: Class - {B2790597-DA3D-CB0A-4509-7597E0896D28} - C:\WINDOWS\javazz32.dll (file missing)
O2 - BHO: Class - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - C:\WINDOWS\msul32.dll
O2 - BHO: Class - {B2E365FF-AC68-1E32-AEDB-062877E048DF} - C:\WINDOWS\system32\mshc.dll
O2 - BHO: Class - {B31A4C19-741A-B567-F0E0-A2C7CDED6BD1} - C:\WINDOWS\system32\mfckx32.dll
O2 - BHO: Class - {B3395380-CDFA-D6F8-F22B-68D2608D3EC5} - C:\WINDOWS\ipbx32.dll


----------



## lloyd

*5*

O2 - BHO: Class - {B35E41D7-21EB-4FC8-369F-8EDCA0E710E9} - C:\WINDOWS\ntit32.dll
O2 - BHO: Class - {B378D258-7C47-6A75-FA8F-0D9D538B0429} - C:\WINDOWS\system32\javakc.dll
O2 - BHO: Class - {B48F3D02-50CD-5883-AAE8-0AF628511B10} - C:\WINDOWS\system32\netkp32.dll (file missing)
O2 - BHO: Class - {B4D22ABC-3E31-6C0E-3927-DA54258D30DD} - C:\WINDOWS\system32\crul32.dll
O2 - BHO: Class - {B51D9877-B89F-AF85-6260-D52F509B1F43} - C:\WINDOWS\winkj.dll
O2 - BHO: Class - {B5592939-58F5-74F6-1A4B-B1F31520529E} - C:\WINDOWS\system32\wingf32.dll
O2 - BHO: Class - {B56A5F1A-1B05-A675-5C09-AD563EAF1965} - C:\WINDOWS\crup.dll (file missing)
O2 - BHO: Class - {B597EFD4-13E4-FDEC-9426-B3489B5BA711} - C:\WINDOWS\system32\mfcvu32.dll (file missing)
O2 - BHO: Class - {B618EC5E-B49B-1193-D01F-6EABD79E22CC} - C:\WINDOWS\apidu32.dll
O2 - BHO: Class - {B649FD4B-BDCD-72D4-5CE4-D490DFA46F99} - C:\WINDOWS\system32\crxy.dll (file missing)
O2 - BHO: Class - {B6538DD6-4537-7114-B27B-08CAEDEDD4E2} - C:\WINDOWS\d3dw32.dll (file missing)
O2 - BHO: Class - {B6C621ED-821B-4311-4EF1-ACA0C115E707} - C:\WINDOWS\sdkvu32.dll (file missing)
O2 - BHO: Class - {B759AF20-4403-C149-591C-DB1E7E371F47} - C:\WINDOWS\apiio.dll
O2 - BHO: Class - {B794BCAF-F238-A326-77E2-A448481D2880} - C:\WINDOWS\system32\winfs32.dll (file missing)
O2 - BHO: Class - {B7B31397-93FC-5ABD-5E72-3C4626580399} - C:\WINDOWS\apitp.dll
O2 - BHO: Class - {B7E372AA-5214-5339-1C44-04A6C88B6A13} - C:\WINDOWS\system32\sysfv.dll (file missing)
O2 - BHO: Class - {B84D9A9B-5648-3F51-42B4-69DAC956800A} - C:\WINDOWS\crkq32.dll
O2 - BHO: Class - {B87618D3-880E-3E5D-C986-8A0E3397D821} - C:\WINDOWS\iemq.dll
O2 - BHO: Class - {B907FD48-75C1-78A0-3DCB-EE61C88E7FE9} - C:\WINDOWS\sdkcd.dll
O2 - BHO: Class - {B9B03493-3AB7-1458-DC72-1757D8B6955D} - C:\WINDOWS\winwx32.dll
O2 - BHO: Class - {B9E2E44C-EE57-A711-7BB5-5A4816D6A0C1} - C:\WINDOWS\d3de32.dll (file missing)
O2 - BHO: Class - {BA5B7E7E-7E42-3E5B-3207-687BB3F1D3E2} - C:\WINDOWS\msvc.dll
O2 - BHO: Class - {BA6A175E-371D-F4CE-EB30-AEC29D9BAAF2} - C:\WINDOWS\system32\crwi32.dll
O2 - BHO: Class - {BA8BD793-5432-6734-8550-4EDA48470E4D} - C:\WINDOWS\syszh.dll
O2 - BHO: Class - {BABD9DA6-1A9E-2FD5-636D-C0DB378E00C3} - C:\WINDOWS\sysuh32.dll (file missing)
O2 - BHO: Class - {BB0401E6-61A6-0344-A30F-3DFA178D6F76} - C:\WINDOWS\netvl.dll
O2 - BHO: Class - {BB2E6852-7961-1E70-E3C8-8433F21B7649} - C:\WINDOWS\crmq32.dll (file missing)
O2 - BHO: Class - {BB64CF1B-EDD6-054C-3EC4-EDBA6BF43D9B} - C:\WINDOWS\nethh32.dll
O2 - BHO: Class - {BBF5E38D-037F-77FE-1BD4-D0175630EF03} - C:\WINDOWS\apitm.dll
O2 - BHO: Class - {BC233C64-EFBC-D80C-C17A-896F21A0FE92} - C:\WINDOWS\atlcj32.dll
O2 - BHO: Class - {BCB849EE-3C14-2916-6479-61D23E66F6F4} - C:\WINDOWS\system32\windq32.dll
O2 - BHO: Class - {BCDBE2ED-5654-27AF-FF49-99D16764D767} - C:\WINDOWS\winrg.dll
O2 - BHO: Class - {BD0CD07E-5662-22A8-B88F-29ECDBF0410E} - C:\WINDOWS\netvv32.dll
O2 - BHO: Class - {BD520615-A0FE-2B41-04CA-59FA6ED5EFA4} - C:\WINDOWS\system32\winwf32.dll (file missing)
O2 - BHO: Class - {BD6313A4-2C0C-75A1-DC8E-8EE34EAAF230} - C:\WINDOWS\system32\ipvu32.dll (file missing)
O2 - BHO: Class - {BDDABD52-6460-D76F-0078-B26F3AE89F02} - C:\WINDOWS\system32\iejo32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {BE19E8BB-F0BF-178F-378D-58D7C4786A75} - C:\WINDOWS\sdkqf.dll (file missing)
O2 - BHO: Class - {BEAA2F9B-C43F-651F-A6A4-D22635151300} - C:\WINDOWS\system32\ievh32.dll (file missing)
O2 - BHO: Class - {BEF00307-0846-75C4-B6F5-84A949B91F47} - C:\WINDOWS\system32\javauk.dll
O2 - BHO: Class - {BF97E97C-168D-6BD6-D534-BAAB52B0306D} - C:\WINDOWS\system32\apiif32.dll
O2 - BHO: Class - {BFBD6C8A-197E-7353-856C-144733A3E7C2} - C:\WINDOWS\ipjx32.dll (file missing)
O2 - BHO: Class - {BFD9FA3A-C0CE-30AE-2B7C-0F987054EF24} - C:\WINDOWS\system32\netjr.dll
O2 - BHO: Class - {C084611B-0626-0E05-5B4B-2CAF285DB5A4} - C:\WINDOWS\javamd.dll (file missing)
O2 - BHO: Class - {C0B51229-8BE1-750D-3E7B-7281518F3F79} - C:\WINDOWS\applj32.dll
O2 - BHO: Class - {C0E29FD4-F512-9647-CA15-C8EB9E72B58B} - C:\WINDOWS\system32\apias32.dll
O2 - BHO: Class - {C130D49F-C962-BD75-6B24-24CC50CC4248} - C:\WINDOWS\netrm.dll (file missing)
O2 - BHO: Class - {C15E8A09-A419-0B02-2618-8EBE6AA23677} - C:\WINDOWS\system32\adddc.dll
O2 - BHO: Class - {C168B909-17E4-699C-5A21-7AF4A2E20AF7} - C:\WINDOWS\javawe32.dll (file missing)
O2 - BHO: Class - {C17630F0-44D4-91C7-ECCD-5C43EB80D769} - C:\WINDOWS\mfcqz32.dll (file missing)
O2 - BHO: Class - {C205C173-C801-4313-FC5C-D7AB543DFBE1} - C:\WINDOWS\addgd.dll
O2 - BHO: Class - {C231147F-B1BC-281B-58BC-F96EC43C13E7} - C:\WINDOWS\system32\mfcnc32.dll
O2 - BHO: Class - {C2CAFF59-2CB5-AC2F-01C3-DD7DBFA12089} - C:\WINDOWS\system32\netat.dll (file missing)
O2 - BHO: Class - {C2EE75EA-992E-CDDB-0B7B-8D7B624E19D9} - C:\WINDOWS\javauc32.dll (file missing)
O2 - BHO: Class - {C375BE40-9B27-CB78-4A8E-D6E6F202BFA9} - C:\WINDOWS\system32\appri32.dll (file missing)
O2 - BHO: Class - {C39B6C73-E0BA-E376-6EEC-681BABFA427A} - C:\WINDOWS\netbs.dll (file missing)
O2 - BHO: Class - {C41A1757-ABD9-7DE0-E865-B9FD4D511A3B} - C:\WINDOWS\system32\apive.dll (file missing)
O2 - BHO: Class - {C431BFCA-0D83-9DC9-880D-0721391F47AA} - C:\WINDOWS\system32\atlcm32.dll (file missing)
O2 - BHO: Class - {C45561A6-5EC8-04CA-044C-D1A1C661EDD2} - C:\WINDOWS\addzl.dll
O2 - BHO: Class - {C4790940-96EC-3F25-4A2F-F6BF035B6FD5} - C:\WINDOWS\system32\sysep.dll (file missing)
O2 - BHO: Class - {C517872A-6D77-8E92-F227-B5714851DA13} - C:\WINDOWS\system32\apijd32.dll
O2 - BHO: Class - {C57C0B7D-AA25-C69F-541D-8DFCEADF8E7E} - C:\WINDOWS\system32\ieak.dll (file missing)
O2 - BHO: Class - {C59125DF-029B-6A6C-6A20-25059899CD06} - C:\WINDOWS\winwf.dll (file missing)
O2 - BHO: Class - {C5C5F4CF-EFEB-9A74-38BD-4977E9257440} - C:\WINDOWS\system32\croc.dll
O2 - BHO: Class - {C5FC35B6-8BE3-279D-DE9E-F4A2E4569088} - C:\WINDOWS\msmy32.dll (file missing)
O2 - BHO: Class - {C668EA18-2D58-B7FF-B81A-5DFB1E599256} - C:\WINDOWS\system32\crpv32.dll
O2 - BHO: Class - {C680FC92-CC8D-3933-941C-DB2ADEAD27D8} - C:\WINDOWS\javara.dll
O2 - BHO: Class - {C692D7A9-4CB6-C211-2912-C399ED6C9248} - C:\WINDOWS\system32\ieef32.dll
O2 - BHO: Class - {C6D82058-621D-D46A-D277-77A7FCA0D991} - C:\WINDOWS\ntyc32.dll
O2 - BHO: Class - {C72A4586-4D25-38C9-9B49-C0A7147CE676} - C:\WINDOWS\javayu32.dll (file missing)


----------



## lloyd

*6*

O2 - BHO: Class - {C75AEB7B-18DF-27AF-DBA3-059058EDCC2F} - C:\WINDOWS\system32\ntwm.dll (file missing)
O2 - BHO: Class - {C7B33F7A-073C-9061-F6F7-482F69867311} - C:\WINDOWS\d3ut32.dll
O2 - BHO: Class - {C7F18D20-8BB0-35BA-FF9A-C370779130D9} - C:\WINDOWS\system32\appwh.dll
O2 - BHO: Class - {C88EE8D4-3263-1825-EEAF-BEB18A3DD312} - C:\WINDOWS\mscv.dll (file missing)
O2 - BHO: Class - {C8BCDBEF-C301-AF55-7F17-561668DBE389} - C:\WINDOWS\netjb.dll (file missing)
O2 - BHO: Class - {C8DD1A3C-80E3-1DD2-0279-631BC954EC39} - C:\WINDOWS\system32\ntmf32.dll
O2 - BHO: Class - {C8ECB30D-4AAE-D344-BCA2-A97394FEB349} - C:\WINDOWS\sdkdc32.dll
O2 - BHO: Class - {C91E8822-B5BC-029B-6848-CE8C742CD99D} - C:\WINDOWS\sdkip.dll
O2 - BHO: Class - {C97C25C3-652E-69AA-115D-2E4313BB2D75} - C:\WINDOWS\crdh32.dll
O2 - BHO: Class - {C993716C-9401-E0F2-033D-787405AA0F8D} - C:\WINDOWS\appuj.dll
O2 - BHO: Class - {CA166A16-929C-9648-3156-9057CC1A9E5B} - C:\WINDOWS\system32\sdkeu32.dll (file missing)
O2 - BHO: Class - {CA536228-5961-D1A0-FEFF-CF26224A6BFA} - C:\WINDOWS\appzs.dll (file missing)
O2 - BHO: Class - {CAB77176-02BF-A261-FD7D-A41EC47A7458} - C:\WINDOWS\system32\netzy.dll (file missing)
O2 - BHO: Class - {CAE5D01E-D1D5-0A94-36DA-A1764B33E959} - C:\WINDOWS\system32\crhv32.dll
O2 - BHO: Class - {CAF6E144-63FF-5169-432A-A4605DE3B9A4} - C:\WINDOWS\sysva32.dll (file missing)
O2 - BHO: Class - {CB7B7600-2155-DA44-2CC1-5FF575F3F4B2} - C:\WINDOWS\system32\appux32.dll (file missing)
O2 - BHO: Class - {CB9A63C7-F8A0-BF83-FEB2-F1683B90588A} - C:\WINDOWS\system32\msop.dll (file missing)
O2 - BHO: Class - {CBAEB624-5138-E8C4-E7EF-A6698175DD54} - C:\WINDOWS\msxf.dll
O2 - BHO: Class - {CBD77B3F-8090-DD29-E058-34289DE3949A} - C:\WINDOWS\msam32.dll (file missing)
O2 - BHO: Class - {CBFF6A45-C0FA-57F2-DCDA-DECF316CA202} - C:\WINDOWS\appzt32.dll
O2 - BHO: Class - {CC2A66A5-539A-852C-FA22-A3BD80E37FC4} - C:\WINDOWS\system32\crwn32.dll (file missing)
O2 - BHO: Class - {CC5F15C0-4FA5-2B34-9D3E-0BB480B5C834} - C:\WINDOWS\system32\appfx.dll
O2 - BHO: Class - {CC76A8DE-4196-33A2-4D56-645061976E88} - C:\WINDOWS\system32\apiis32.dll (file missing)
O2 - BHO: Class - {CC985D9C-36D5-1715-E675-D25064DCF19D} - C:\WINDOWS\system32\d3gv.dll (file missing)
O2 - BHO: Class - {CD982133-C8CB-ADFC-ECDA-3AFE92ABDA8E} - C:\WINDOWS\cruy32.dll (file missing)
O2 - BHO: Class - {CDD25743-1CD3-E350-AC37-EBB88EAD3517} - C:\WINDOWS\system32\ipik.dll
O2 - BHO: Class - {CDF9636C-D75A-2630-DA17-CE41F76F5491} - C:\WINDOWS\systl.dll
O2 - BHO: Class - {CE4EFCA5-BE39-72B1-86A3-43F1C9A037D4} - C:\WINDOWS\msup.dll
O2 - BHO: Class - {CE8822B5-F232-B915-4610-F4ABB592926D} - C:\WINDOWS\mspo.dll
O2 - BHO: Class - {CE8BF10F-B86B-6B2A-DCC6-B629FA397B4B} - C:\WINDOWS\system32\appan.dll (file missing)
O2 - BHO: Class - {CEC2B27A-883F-E124-1F3F-2CBA3C952B4F} - C:\WINDOWS\apini32.dll
O2 - BHO: Class - {CF1C66A5-22A7-AA44-A767-EB79B05C5F1B} - C:\WINDOWS\appiu32.dll
O2 - BHO: Class - {CF32589B-F52D-817F-A1CA-18A0CAB75960} - C:\WINDOWS\javake32.dll (file missing)
O2 - BHO: Class - {CF572AD5-70E5-5DB4-E059-404FFB42AA7A} - C:\WINDOWS\system32\d3yg.dll
O2 - BHO: Class - {CFE63210-C122-AAC2-5CE6-9CFFB33BFC5E} - C:\WINDOWS\addxi32.dll
O2 - BHO: Class - {D0146BCC-3676-B4F9-B52E-54D4A209FA59} - C:\WINDOWS\crls32.dll
O2 - BHO: Class - {D02FAF17-CBFC-366B-3800-802ABB60B4EB} - C:\WINDOWS\netnj.dll (file missing)
O2 - BHO: Class - {D04E428A-707D-E0C0-D7C3-53A24CB3DBD1} - C:\WINDOWS\system32\ieem32.dll (file missing)
O2 - BHO: Class - {D04FEDA4-D7C0-3150-02FF-AD27F54D4CA1} - C:\WINDOWS\mfcjg32.dll (file missing)
O2 - BHO: Class - {D0E04D53-A8CB-6CF6-83EA-25418CADEF98} - C:\WINDOWS\syshs.dll (file missing)
O2 - BHO: Class - {D1263902-0911-8EE9-8027-E3726F711A2F} - C:\WINDOWS\addtc32.dll
O2 - BHO: Class - {D1B08BEF-61F3-13A0-6BCC-CB7E58770653} - C:\WINDOWS\netsr32.dll (file missing)
O2 - BHO: Class - {D1DC71DB-95AD-1742-1B05-0653ADF80398} - C:\WINDOWS\sdkbn.dll
O2 - BHO: Class - {D2318DD5-1456-6B4E-F68F-C6E146E1680F} - C:\WINDOWS\sdklf32.dll (file missing)
O2 - BHO: Class - {D26AF2AB-0F2A-822B-1267-109C8769FEDC} - C:\WINDOWS\msje.dll
O2 - BHO: Class - {D2AD2325-0119-62FA-1172-8B029FFD46EF} - C:\WINDOWS\system32\syszq.dll (file missing)
O2 - BHO: Class - {D302FBFE-D75B-9295-52A8-518F322A8AF1} - C:\WINDOWS\system32\addxw.dll
O2 - BHO: Class - {D319ADC9-32F9-B509-BC94-C0B30CFDEB91} - C:\WINDOWS\mspt32.dll (file missing)
O2 - BHO: Class - {D352BD18-932A-F537-F83A-2D6D4CB6E0A7} - C:\WINDOWS\system32\javaje.dll
O2 - BHO: Class - {D3FEB881-8EC2-7844-697C-AC8DEC450626} - C:\WINDOWS\system32\d3bv.dll
O2 - BHO: Class - {D45147C0-D462-2383-1F5F-CA01325DFB27} - C:\WINDOWS\ipit.dll (file missing)
O2 - BHO: Class - {D4A3A16D-E168-DA5F-9A7F-1263C397E4FE} - C:\WINDOWS\system32\crss.dll
O2 - BHO: Class - {D4C865F2-EF3F-A44E-8D54-A989848F235F} - C:\WINDOWS\addkg.dll
O2 - BHO: Class - {D5094E1F-7073-97DC-452B-550CEC4016EC} - C:\WINDOWS\winhp.dll (file missing)
O2 - BHO: Class - {D54006DD-F98A-C0B8-572B-C19E36BC7181} - C:\WINDOWS\nten.dll (file missing)
O2 - BHO: Class - {D55EAE87-202A-3F55-F3F4-130CFFA66735} - C:\WINDOWS\system32\d3kt32.dll
O2 - BHO: Class - {D5803A75-94E4-D765-5CDA-5E6515E89C3E} - C:\WINDOWS\system32\apiyb32.dll
O2 - BHO: Class - {D61D1D35-032C-D543-DA97-C2A2B06597AC} - C:\WINDOWS\system32\sdkww.dll (file missing)
O2 - BHO: Class - {D6BC91DE-64FE-77FB-C69C-535E38F6B014} - C:\WINDOWS\addgr.dll (file missing)
O2 - BHO: Class - {D6F8BB01-9E05-4B1D-410C-CD00706EEAE6} - C:\WINDOWS\winwc.dll
O2 - BHO: Class - {D741F288-69CD-DC65-04EF-24D24A69D9CD} - C:\WINDOWS\system32\addbk.dll
O2 - BHO: Class - {D77433F3-6BCC-BD33-04FB-8F4852FE21CF} - C:\WINDOWS\system32\appgo32.dll (file missing)
O2 - BHO: Class - {D7B24D74-544A-75E5-979E-EDA8D32B042A} - C:\WINDOWS\crsv32.dll
O2 - BHO: Class - {D7DC9791-A12E-511A-BF9B-B75A4B4A69B5} - C:\WINDOWS\atlir.dll
O2 - BHO: Class - {D817E2EF-7DA4-B792-46BD-3A23F1F74128} - C:\WINDOWS\d3cr.dll
O2 - BHO: Class - {D82EE588-4BCA-D64F-594D-C86A9AAE64BF} - C:\WINDOWS\apixr.dll (file missing)
O2 - BHO: Class - {D849A7FC-710D-53C7-D561-509D49D3C396} - C:\WINDOWS\system32\atlkd.dll (file missing)
O2 - BHO: Class - {D883F4CC-A8EE-9040-1995-5458D21F8391} - C:\WINDOWS\system32\netle32.dll (file missing)
O2 - BHO: Class - {D8F26787-007D-D1B7-89B5-7E1F52A96F3C} - C:\WINDOWS\system32\atltd32.dll (file missing)
O2 - BHO: Class - {D9529B1E-58BD-C16B-D9B2-14013AC2FD84} - C:\WINDOWS\system32\netqj32.dll
O2 - BHO: Class - {D9AC509D-1E9F-D513-D75E-449AC8A46BE2} - C:\WINDOWS\system32\crai32.dll
O2 - BHO: Class - {D9DE2FBC-3AD0-A195-EB77-7913F493B121} - C:\WINDOWS\system32\appxh32.dll
O2 - BHO: Class - {DA13EDBF-4195-D9CE-CC71-E64CDCA18BE0} - C:\WINDOWS\system32\ipsa32.dll
O2 - BHO: Class - {DA4303A4-7F0E-EE37-6476-E29A5C3B85F5} - C:\WINDOWS\syspm32.dll
O2 - BHO: Class - {DA69B312-479E-04FF-2B2B-F34795A0072E} - C:\WINDOWS\d3cm32.dll (file missing)
O2 - BHO: Class - {DA961EB4-D503-2B8A-69AB-C4905735F48D} - C:\WINDOWS\atlpj32.dll
O2 - BHO: Class - {DB038CA1-A46C-19B5-85CF-0D6E9434330F} - C:\WINDOWS\system32\ipod32.dll (file missing)
O2 - BHO: (no name) - {DB1F16ED-3443-5914-E457-B3DB4B9BD747} - C:\DOCUME~1\other\APPLIC~1\POKEHT~1\stopdart.exe
O2 - BHO: Class - {DB26F49F-94D2-381B-21DE-2CF4D74E0AC6} - C:\WINDOWS\ntty32.dll
O2 - BHO: Class - {DB64B283-BB07-8F6F-B9A9-8FB11BD47AD0} - C:\WINDOWS\system32\nethu32.dll (file missing)
O2 - BHO: Class - {DBEDBE1F-31B0-3AE5-7CED-C3D09595A0C4} - C:\WINDOWS\system32\addim32.dll
O2 - BHO: Class - {DC02FBE0-460D-CBB1-24F7-E4EAB9C0E560} - C:\WINDOWS\netif.dll (file missing)


----------



## lloyd

*7*

O2 - BHO: Class - {DC8A1A8E-30F9-0FF2-B412-54EC15B87996} - C:\WINDOWS\system32\mspk32.dll
O2 - BHO: Class - {DCE850FD-B5AF-B9D6-040D-9FA0DC624EE6} - C:\WINDOWS\system32\ntuo.dll
O2 - BHO: Class - {DD499CA0-63C5-BE6B-7B26-F81AF2321007} - C:\WINDOWS\system32\atlqn.dll
O2 - BHO: Class - {DD6D55FD-C699-0028-DB35-7E38BF78BA5D} - C:\WINDOWS\ntbi32.dll
O2 - BHO: Class - {DDF6B14C-567D-8D1E-21D4-2CACE1295ABB} - C:\WINDOWS\syswn32.dll (file missing)
O2 - BHO: Class - {DE2149D4-D99F-119A-F16C-B80FD1A51175} - C:\WINDOWS\sdkft.dll (file missing)
O2 - BHO: Class - {DED76499-CA0F-F1EC-49FC-82EE69E2F8DB} - C:\WINDOWS\system32\apizn.dll
O2 - BHO: Class - {DEEC4F78-64BF-6F57-27B8-B374376510B7} - C:\WINDOWS\system32\msez.dll (file missing)
O2 - BHO: Class - {DF52A427-A94E-256A-7FF7-A0060FEDB100} - C:\WINDOWS\apprw32.dll
O2 - BHO: Class - {DF81C44D-3E60-F698-D3FF-CB7B4BFB1DFB} - C:\WINDOWS\ipsm32.dll
O2 - BHO: Class - {DF9CB6C3-8E7D-6253-4FD4-7C38D013948E} - C:\WINDOWS\mskl32.dll (file missing)
O2 - BHO: Class - {DFBFB007-0C50-3E65-C735-D84AD307C759} - C:\WINDOWS\system32\d3xj.dll
O2 - BHO: Class - {DFEFEEA2-BF82-757F-5259-732FA544A6C7} - C:\WINDOWS\system32\netpu32.dll (file missing)
O2 - BHO: Class - {E060B0E0-C168-01F3-BC7E-3F0122D53D1E} - C:\WINDOWS\system32\mfcmy.dll
O2 - BHO: Class - {E09C9377-9648-FD1B-7B46-875E5BA9B258} - C:\WINDOWS\msaw.dll
O2 - BHO: Class - {E0C178B2-8454-511A-88BC-EADF5E5B5094} - C:\WINDOWS\iemr.dll
O2 - BHO: Class - {E0FF3E5C-4043-EAF0-0397-EB24D486A427} - C:\WINDOWS\apivk.dll (file missing)
O2 - BHO: Class - {E13BCA18-7F26-83F0-5DCA-D59602605F17} - C:\WINDOWS\apinc.dll
O2 - BHO: Class - {E16ABF8F-83C2-19DB-8289-DC73827B4EE6} - C:\WINDOWS\system32\crma.dll
O2 - BHO: Class - {E1F1A46E-FC39-10DA-D25A-38ED117064E0} - C:\WINDOWS\crfq.dll (file missing)
O2 - BHO: Class - {E2157285-80E2-5E41-66C6-A683E585E5A0} - C:\WINDOWS\system32\crfb32.dll
O2 - BHO: Class - {E29CD8F5-8770-88FC-7869-830FD4AAE7E4} - C:\WINDOWS\system32\addlj32.dll (file missing)
O2 - BHO: Class - {E2D53A22-B5A2-6CEA-2CBA-2124E08BE388} - C:\WINDOWS\atlut32.dll
O2 - BHO: Class - {E2F6A992-AC4E-B9AA-BEDD-46A226F805F4} - C:\WINDOWS\system32\ipbv32.dll (file missing)
O2 - BHO: Class - {E341DE2F-85FC-180D-C139-767C3F7B77E5} - C:\WINDOWS\system32\atlcv.dll (file missing)
O2 - BHO: Class - {E369B936-27B9-6DAA-0148-4F8BB34B7DB3} - C:\WINDOWS\system32\addsz32.dll (file missing)
O2 - BHO: Class - {E39627D7-43DC-A961-EB4B-E16C959872CC} - C:\WINDOWS\system32\sdkqe32.dll
O2 - BHO: Class - {E426BCED-DD32-904C-AC71-CE36B0634506} - C:\WINDOWS\d3cq32.dll (file missing)
O2 - BHO: Class - {E448F4D7-E1C0-5DD7-704C-D549F9DCA327} - C:\WINDOWS\system32\sdkuf32.dll
O2 - BHO: Class - {E4630875-2D99-D343-395A-FB070852B36D} - C:\WINDOWS\system32\mfcpv.dll (file missing)
O2 - BHO: Class - {E4D353C5-F038-4827-9CDA-ABDCF49E5AB5} - C:\WINDOWS\appry32.dll (file missing)
O2 - BHO: Class - {E4F78A3B-E4C9-A50B-F62B-9CD76792AA50} - C:\WINDOWS\ieli.dll
O2 - BHO: Class - {E4F9FEE9-B60D-49F8-14A6-7B797DCDD6EC} - C:\WINDOWS\system32\addpj.dll (file missing)
O2 - BHO: Class - {E5DFBE3D-911A-35E2-57B3-67413E68249B} - C:\WINDOWS\syscx.dll
O2 - BHO: Class - {E60FF9E4-570D-C936-5208-5AC75C21B9E0} - C:\WINDOWS\sdkji32.dll (file missing)
O2 - BHO: Class - {E63483BB-E44E-66D3-0593-DE4540278A45} - C:\WINDOWS\system32\appcm.dll
O2 - BHO: Class - {E66033D3-0B56-750C-2254-9C91038A086C} - C:\WINDOWS\system32\appjo.dll
O2 - BHO: Class - {E699A80F-C737-7F27-8229-0B4D3F150CA9} - C:\WINDOWS\system32\javaha.dll (file missing)
O2 - BHO: Class - {E7143D05-3008-AA55-9855-1677D6EE5595} - C:\WINDOWS\d3wk32.dll
O2 - BHO: Class - {E7426EE6-6862-210F-8537-69DE0902AF51} - C:\WINDOWS\system32\sdkjk.dll
O2 - BHO: Class - {E7E10A94-7C17-AD1A-49E0-508B29FF9D9B} - C:\WINDOWS\system32\netif32.dll
O2 - BHO: Class - {E843DEFD-22B6-EBB3-0AC4-2EE1DC8C5882} - C:\WINDOWS\system32\ieit32.dll
O2 - BHO: Class - {E86D22B7-C656-24F6-633A-03A13BAB127D} - C:\WINDOWS\system32\netpd.dll
O2 - BHO: Class - {E8A21F6F-CE35-C5F4-D125-77B47648F1A3} - C:\WINDOWS\netlp32.dll (file missing)
O2 - BHO: Class - {E8D60F02-B624-2C7E-A7EF-0C465710C12F} - C:\WINDOWS\system32\crjb32.dll
O2 - BHO: Class - {E92EFA08-05B6-5902-325B-EF61C5EC29A7} - C:\WINDOWS\system32\winoz32.dll (file missing)
O2 - BHO: Class - {E962AC74-29D8-A4A9-1DBF-38F236D56CF5} - C:\WINDOWS\system32\ntxd32.dll
O2 - BHO: Class - {E97B33F2-5C6C-9E19-5C29-99B4F7678C64} - C:\WINDOWS\mfcxo32.dll (file missing)
O2 - BHO: Class - {E99407A6-44D5-30C4-CDB1-7DD26236D6A2} - C:\WINDOWS\ipky.dll
O2 - BHO: Class - {EA48199E-0D51-A7AF-25D1-9640972E0944} - C:\WINDOWS\addzg32.dll
O2 - BHO: Class - {EABCF478-58D6-5E05-33DF-A7AF0C939A87} - C:\WINDOWS\winnw.dll (file missing)
O2 - BHO: Class - {EAEAF285-014C-1682-4ABD-5C13CE426ECF} - C:\WINDOWS\system32\ntxd.dll (file missing)
O2 - BHO: Class - {EAF79499-1766-EB48-D04E-2CDD27C0DD4C} - C:\WINDOWS\ntqb32.dll
O2 - BHO: Class - {EB3F1F3A-312D-1F0B-BE12-33935E41A208} - C:\WINDOWS\system32\atlmi32.dll (file missing)
O2 - BHO: Class - {EB78D545-7084-1460-B78B-C15169BF794D} - C:\WINDOWS\system32\msmj.dll (file missing)
O2 - BHO: Class - {EB9027AC-39AF-DEE3-FD58-FD6C8F49F960} - C:\WINDOWS\system32\ntum32.dll (file missing)
O2 - BHO: Class - {EBA72B4B-C8B6-180C-5E41-E729CE5B9CFE} - C:\WINDOWS\msws32.dll (file missing)
O2 - BHO: Class - {EBCE64E5-5AEC-5937-A3AE-61D28181775D} - C:\WINDOWS\iedv32.dll
O2 - BHO: Class - {EC1707B3-CAC1-BD23-6786-C373710EE156} - C:\WINDOWS\system32\ieid.dll (file missing)


----------



## lloyd

O2 - BHO: Class - {EC2F8D1A-6A3A-61BE-88A0-314B30E0317A} - C:\WINDOWS\sysqj32.dll (file missing)
O2 - BHO: Class - {EC5229CB-E994-4040-FBB2-ECB3E57E8FA6} - C:\WINDOWS\ntll.dll
O2 - BHO: Class - {ECCE3521-78D3-E064-17BC-5AF82EF261E6} - C:\WINDOWS\ipkm.dll
O2 - BHO: Class - {ED773C7F-04E4-55BD-4C88-E5F4D8E57CAA} - C:\WINDOWS\winka.dll (file missing)
O2 - BHO: Class - {EDA39711-A259-7C47-8B08-B63D9A8A7A1A} - C:\WINDOWS\system32\netgv32.dll (file missing)
O2 - BHO: Class - {EDB630B0-27AD-32B3-EC50-7032C9436D7D} - C:\WINDOWS\system32\ielu.dll
O2 - BHO: Class - {EDE061C3-938E-A964-2124-4EFC98478BD5} - C:\WINDOWS\system32\d3rp.dll
O2 - BHO: Class - {EE13EB7D-EBCF-F6FC-0596-289AC46D563C} - C:\WINDOWS\system32\winfj32.dll (file missing)
O2 - BHO: Class - {EE64C95D-CA16-A16C-29CA-648731569905} - C:\WINDOWS\sysys32.dll
O2 - BHO: Class - {EE72118D-405B-F80E-60FC-ABE4266F3C23} - C:\WINDOWS\winon.dll (file missing)
O2 - BHO: Class - {EE8AE631-38C4-9AC9-E084-7F02913E9650} - C:\WINDOWS\atlbs32.dll (file missing)
O2 - BHO: Class - {EEFC716C-4EB3-E35E-8C8B-71772121F4C1} - C:\WINDOWS\addfe32.dll (file missing)
O2 - BHO: Class - {EF1DDF86-6543-6ED0-DAB0-83F46C8BA6BD} - C:\WINDOWS\system32\ntdb32.dll
O2 - BHO: Class - {EFA0CDD8-79FB-118B-3E66-89D764D7F24A} - C:\WINDOWS\system32\atlnd.dll
O2 - BHO: Class - {EFEAC42B-6446-4BFA-43FF-240967E8A396} - C:\WINDOWS\system32\addjh.dll (file missing)
O2 - BHO: Class - {F002AC88-197D-52CF-C9AD-794EE679E071} - C:\WINDOWS\winmu32.dll (file missing)
O2 - BHO: Class - {F02E3B9E-91EA-F259-A3AA-78801E4D5744} - C:\WINDOWS\system32\atlkf.dll
O2 - BHO: Class - {F0D5369E-9114-47AB-B1CA-76F455C0CFD1} - C:\WINDOWS\winxp32.dll (file missing)
O2 - BHO: Class - {F0FB122A-53DE-FBFE-7C53-741CBF04D314} - C:\WINDOWS\system32\winaf32.dll
O2 - BHO: Class - {F18949DB-2CBC-81C3-5DC7-B25366CB61D4} - C:\WINDOWS\sysob32.dll
O2 - BHO: Class - {F1AFF455-C4AD-46E3-1990-97F1E91C5B7B} - C:\WINDOWS\system32\ipid.dll (file missing)
O2 - BHO: Class - {F1EE7E2F-9AC2-0ACC-8669-4ACBB02CE5A0} - C:\WINDOWS\atlgn.dll
O2 - BHO: Class - {F23DA69D-3800-824F-53AF-DEB5A483DECD} - C:\WINDOWS\system32\d3ty32.dll
O2 - BHO: Class - {F2572CB5-8987-A970-4E3C-3C7679029FDC} - C:\WINDOWS\system32\netuv.dll
O2 - BHO: Class - {F315F1A6-9844-FC89-8DFB-101F23A53EEA} - C:\WINDOWS\system32\addhd.dll (file missing)
O2 - BHO: Class - {F33C5145-ED5E-2708-ABFB-F1BA8D26DD1B} - C:\WINDOWS\sdkmt.dll
O2 - BHO: Class - {F3F316D9-A203-593F-7A70-A6A52D8F46FA} - C:\WINDOWS\system32\mfceu.dll (file missing)
O2 - BHO: Class - {F477C3A3-BBD5-3B78-AB78-7F0E35C51A6A} - C:\WINDOWS\msxp32.dll
O2 - BHO: Class - {F49E4405-1B9E-9D79-D2B6-B1B83E92E2ED} - C:\WINDOWS\javaxq.dll
O2 - BHO: Class - {F508238F-F52B-9FF9-41BC-BCE5F30907CF} - C:\WINDOWS\system32\addud32.dll (file missing)
O2 - BHO: Class - {F52DCF2D-8EF0-1BEE-927B-FD01E6180063} - C:\WINDOWS\system32\ieer.dll (file missing)
O2 - BHO: Class - {F55C72C0-13B8-E0AC-E025-78ECF4B088BD} - C:\WINDOWS\system32\croz.dll (file missing)
O2 - BHO: Class - {F5E5DE05-657F-880E-A52E-71E8CBCBA712} - C:\WINDOWS\ipvf32.dll (file missing)
O2 - BHO: Class - {F69A97CF-9E4B-FBD5-D761-DE44BD197C2F} - C:\WINDOWS\netaf32.dll (file missing)
O2 - BHO: Class - {F6BCAC5B-F512-DB71-1A25-5B568F21C13C} - C:\WINDOWS\mszd.dll (file missing)
O2 - BHO: Class - {F6C4F8F3-15F6-41B9-0BF5-B5877210B334} - C:\WINDOWS\ntnd32.dll (file missing)
O2 - BHO: Class - {F6E2FCAE-1198-A1BC-63E6-EFD2567AC69A} - C:\WINDOWS\ipvm.dll
O2 - BHO: Class - {F735A94E-3DD7-5936-2156-A36605F56680} - C:\WINDOWS\system32\syssk.dll
O2 - BHO: Class - {F75E935C-460C-2FD8-E0A7-B79321EBB7C0} - C:\WINDOWS\ipef32.dll (file missing)
O2 - BHO: Class - {F7AACFF8-E2DB-44D8-E2C9-F45FEFF56855} - C:\WINDOWS\system32\sysdb.dll (file missing)
O2 - BHO: Class - {F8143114-CDD3-F1BE-E167-AB80E5C3C6A3} - C:\WINDOWS\system32\iebj32.dll (file missing)
O2 - BHO: Class - {F84C0E21-1182-61D7-7FD0-D1260EFE3C77} - C:\WINDOWS\ntmg.dll (file missing)
O2 - BHO: Class - {F8D1BF1F-2062-E0DE-6BFA-54877299CF30} - C:\WINDOWS\system32\ntih.dll
O2 - BHO: Class - {F8F6985E-5F1E-9567-733D-D3264B60E41C} - C:\WINDOWS\d3mi.dll
O2 - BHO: Class - {F9847D04-7149-BEC1-5F54-A3EB7C486F82} - C:\WINDOWS\system32\atlao32.dll (file missing)
O2 - BHO: Class - {F9AD27F1-50B4-A52F-10E5-9CAEB34A9715} - C:\WINDOWS\system32\atlcc32.dll (file missing)
O2 - BHO: Class - {F9D982F9-B035-9FE7-9252-71E960E1F3E5} - C:\WINDOWS\system32\netfi.dll (file missing)
O2 - BHO: Class - {FA1487A3-BE0B-8C8F-EE8B-A7306DC4EB4E} - C:\WINDOWS\msuw.dll
O2 - BHO: Class - {FA2653A0-F026-3FE9-D1FA-FA3712FEE6B5} - C:\WINDOWS\system32\appxo.dll
O2 - BHO: Class - {FA4788F1-4822-A986-4D3E-44B435C19A9C} - C:\WINDOWS\winca32.dll
O2 - BHO: Class - {FA6BD27F-288F-002A-F4A9-ABCF232371D9} - C:\WINDOWS\sdkuo.dll (file missing)
O2 - BHO: Class - {FA991F0E-1BD9-6EAD-EFEC-2317207D5E37} - C:\WINDOWS\apitv32.dll
O2 - BHO: Class - {FB04EF28-D55C-A95A-794F-75DA8F4D83AF} - C:\WINDOWS\system32\crjn32.dll
O2 - BHO: Class - {FB9C0E2C-9054-C0EA-4D57-F9CCE6487636} - C:\WINDOWS\system32\ipce.dll (file missing)
O2 - BHO: Class - {FBD1BCB7-116B-AD10-1ADA-BFEDE15DCBA6} - C:\WINDOWS\system32\d3ia32.dll
O2 - BHO: Class - {FBED823A-D55D-5FC4-3371-07A8B14B3237} - C:\WINDOWS\sdkxp.dll
O2 - BHO: Class - {FC344FA8-CC15-2847-A8F1-50D9B4E50E70} - C:\WINDOWS\system32\apiiu32.dll
O2 - BHO: Class - {FC5F4FD2-9814-9658-709F-821EB79F97AB} - C:\WINDOWS\javatk.dll
O2 - BHO: Class - {FC99EFF4-58A4-239B-1E0E-184CC2DCD960} - C:\WINDOWS\system32\msnc32.dll (file missing)
O2 - BHO: Class - {FD2AB2BF-88C5-FAF0-2AAD-AF18322CE7FF} - C:\WINDOWS\winjf32.dll
O2 - BHO: Class - {FD36CB53-F43E-C115-ED98-E1F307C77FD6} - C:\WINDOWS\ipjj.dll
O2 - BHO: Class - {FD7786C4-36BE-9F97-70B6-B4EF1D3FBA8B} - C:\WINDOWS\system32\sdkph32.dll
O2 - BHO: Class - {FE13BDB7-4403-0563-A91B-7E8970E72CF7} - C:\WINDOWS\system32\ipqv32.dll
O2 - BHO: Class - {FEB58C92-D119-8F66-A8FA-72D46A544DA9} - C:\WINDOWS\system32\winwv32.dll
O2 - BHO: Class - {FEE73D5B-75B8-1330-363E-B5C6A764481D} - C:\WINDOWS\system32\apibv32.dll
O2 - BHO: Class - {FF477E96-3AEA-042A-F3F3-EC30EE10E70D} - C:\WINDOWS\netru32.dll (file missing)
O2 - BHO: Class - {FF52B256-908C-69D9-AAC3-1B77E39910FF} - C:\WINDOWS\netal.dll (file missing)
O2 - BHO: Class - {FF5E4D7B-991C-539A-207F-EE7416539411} - C:\WINDOWS\javabe.dll
O2 - BHO: Class - {FF821169-5E94-6256-7895-F4D785DD878A} - C:\WINDOWS\system32\sdkpd32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [CSV7P26] C:\Program Files\CSBB\CSV7P26.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [Lexmark X83 Button Monitor] C:\PROGRA~1\LEXMAR~1\ACMonitor_X83.exe


----------



## lloyd

O4 - HKLM\..\Run: [Lexmark X83 Button Manager] C:\PROGRA~1\LEXMAR~1\AcBtnMgr_X83.exe
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\printray.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlkt32.exe] C:\WINDOWS\atlkt32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [IS CfgWiz] C:\Program Files\Norton Internet Security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Fork Gram Draw Real] C:\Documents and Settings\All Users\Application Data\skippollforkgram\Soap Byte.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Intra Way] C:\DOCUME~1\other\APPLIC~1\PROCBAT\Dale Play.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: BT Broadband Basic Help.lnk = C:\Program Files\BT Broadband Basic Help\bin\matcli.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MSN Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.00.0001.1203\en-us\bin\msnlAdmin.exe
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab28578.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/en/filesharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab28578.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D49E7F81-08DD-400B-B9D2-07F3E78C610B}: NameServer = 192.168.1.1
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: Sebring - C:\WINDOWS\System32\LgNotify.dll
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkjk.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation  - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe


----------



## Buzz1927

Jesus, lloyd, that's a long log. I'm going out for a bit, in the meantime go to add\remove and uninstall these programs.

Messenger Plus 3 (sponsor software) < you should have the option to remove only this.
Newdotnet
MyWebsearch
Webrebates

And any others you don't recognise. Keep him off the internet until I post back in an hour or two.


----------



## lloyd

ok have done. i am just running norton anti virus now..the computer is actually speeding up :S


----------



## Buzz1927

Ok lloyd, download these programs.

CWShredder
Aboutbuster
Ccleaner

Unzip them all to the desktop. Check Aboutbuster for updates, then boot into safemode *(without networking)*.

Go start > run, type *services.msc* Find the service called Network Security Service, right click, select "properties", hit "stop" and change the startup type to "disabled".

Then run CWShredder and hit "fix".

Then run Aboutbuster twice.

Then run Ccleaner.

Then Ewido again (I know it takes ages but it's needed for this fix)

Then run Hijackthis and check these lines.
*

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.eqjodnftcjcr.biz/T6uLOkY...giWeByo W.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\khsbm.dll/sp.html#37049
R3 - Default URLSearchHook is missing

All the 02 entries apart from one adobe and 2 Norton entries

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"
O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~1.DLL,NewDotNetStartup -s
O4 - HKLM\..\Run: [CSV7P26] C:\Program Files\CSBB\CSV7P26.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [atlkt32.exe] C:\WINDOWS\atlkt32.exe
O4 - HKLM\..\Run: [Fork Gram Draw Real] C:\Documents and Settings\All Users\Application Data\skippollforkgram\Soap Byte.exe
O4 - HKCU\..\Run: [Intra Way] C:\DOCUME~1\other\APPLIC~1\PROCBAT\Dale Play.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Global Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdkjk.exe (file missing)*

Close all open windows and hit "fix checked".

Find and delete these folders\files (if they exist).

C: Program Files\*Mywebsearch*
C: Program Files\*Web Rebates*
C: Program Files\*NewDotNet*
C: Program Files\*Party Poker*
C:\Program Files\*CSBB*
C:\Documents and Settings\All Users\Application Data\*skippollforkgram*

C:\WINDOWS\*atlkt32.exe*
C:\WINDOWS\*sdkjk.exe*

Then boot back to normal mode and post a new log, and say how things are now.


----------



## lloyd

cwshredder link doesn't work...


----------



## Lorand

Try this one: http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe


----------



## lloyd

network security services isnt there


----------



## Buzz1927

Ok, I was just checking, carry on with the rest of the fix.


----------



## lloyd

il post another hijack this log in a while....should be alot shorter as i have followed all steps deleted all the s**t he had on it, and done everything humanly possible..but it still quite slow..


----------



## flatsoen

I just discovered a Bloodhound on my computer. Two names are shown by (2002) Norton Antivirus, but I can't find the files anywhere. Why is that? Where are they... The names are c:\recycler\s-1-5-21-3728...\Dc329.exe and runapl[1].exe

Norton (2002) couldn't get rid of it, but said it quarantained it. It still displays a virus alert that I can't click away. Any suggestions?


----------



## Buzz1927

Start  a new thread with your Hijackthis log.


----------

