
Virtumonde too, please help



likwidmonster
2008-07-09, 18:46
Hey, I got Virtumonde. Here is my startup log from Spybot:

----------------------------

--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2008-05-24 unins000.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2008-06-03 Includes\Adware.sbi
2008-06-10 Includes\AdwareC.sbi
2008-06-03 Includes\Cookies.sbi
2008-06-03 Includes\Dialer.sbi
2008-06-10 Includes\DialerC.sbi
2008-06-03 Includes\HeavyDuty.sbi
2008-06-04 Includes\Hijackers.sbi
2008-06-03 Includes\HijackersC.sbi
2008-06-03 Includes\Keyloggers.sbi
2008-06-10 Includes\KeyloggersC.sbi
2004-11-29 Includes\LSP.sbi
2008-06-03 Includes\Malware.sbi
2008-06-11 Includes\MalwareC.sbi
2008-06-03 Includes\PUPS.sbi
2008-06-10 Includes\PUPSC.sbi
2007-11-07 Includes\Revision.sbi
2008-06-10 Includes\Security.sbi
2008-06-10 Includes\SecurityC.sbi
2008-06-03 Includes\Spybots.sbi
2008-06-03 Includes\SpybotsC.sbi
2008-06-03 Includes\Spyware.sbi
2008-06-03 Includes\SpywareC.sbi
2008-06-03 Includes\Tracks.uti
2008-06-11 Includes\Trojans.sbi
2008-06-11 Includes\TrojansC.sbi
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll

Located: HK_LM:Run, 2cff9ff0 (DISABLED)
command: rundll32.exe "C:\WINDOWS\system32\xreonicp.dll",b
file: C:\WINDOWS\system32\xreonicp.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ATIModeChange
command: Ati2mdxx.exe
file: C:\WINDOWS\system32\Ati2mdxx.exe
size: 28672
MD5: FAE95D6D7651B5629C4E19ADBC9A3863

Located: HK_LM:Run, ATIPTA
command: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
file: C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
size: 290816
MD5: 22BF86E403B26052D79C28184D0B5E11

Located: HK_LM:Run, BM2fccac6c (DISABLED)
command: Rundll32.exe "C:\WINDOWS\system32\axsdbgqr.dll",s
file: C:\WINDOWS\system32\axsdbgqr.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Cpqset
command: C:\Program Files\HPQ\Default Settings\cpqset.exe
file: C:\Program Files\HPQ\Default Settings\cpqset.exe
size: 184412
MD5: 6BBFECA5D51EA82BAC35E01C66762753

Located: HK_LM:Run, Display Settings
command: C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
file: C:\Program Files\HPQ\Notebook Utilities\hptasks.exe
size: 45056
MD5: 291822FC9D05FBBEFB0EC008FE2213F3

Located: HK_LM:Run, HPDJ Taskbar Utility
command: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
file: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
size: 196608
MD5: 7C6B5065E7326E3C91A62800DF3A31FA

Located: HK_LM:Run, HPHmon03
command: C:\WINDOWS\system32\hphmon03.exe
file: C:\WINDOWS\system32\hphmon03.exe
size: 311296
MD5: 97328A8415E1A1E4A832FE1E87B2DE2C

Located: HK_LM:Run, 2cff9ff0 (DISABLED)
command: rundll32.exe "C:\WINDOWS\system32\nmydxqaq.dll",b
file: C:\WINDOWS\system32\nmydxqaq.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, CARPService (DISABLED)
command: carpserv.exe
file: C:\WINDOWS\system32\carpserv.exe
size: 4608
MD5: 1079B06555A14B5E07D45B9B781D6E99

Located: HK_LM:Run, Glass2k (DISABLED)
command: C:\Documents and Settings\Nathan\Desktop\Glass2k.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, mmtask (DISABLED)
command: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
file: c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
size: 53248
MD5: ACD22CB640DCBBBA296716B63490791C

Located: HK_LM:Run, My Web Search Bar Search Scope Monitor (DISABLED)
command: "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, MyWebSearch Email Plugin (DISABLED)
command: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, MyWebSearch Plugin (DISABLED)
command: rundll32 C:\PROGRA~1\MYWEBS~1\bar\1.bin\M3PLUGIN.DLL,UPF
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QT4HPOT (DISABLED)
command: C:\Program Files\HPQ\One-Touch\OneTouch.EXE
file: C:\Program Files\HPQ\One-Touch\OneTouch.EXE
size: 106496
MD5: 37A85A57DCBEE097227D4B5F2B150960

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "C:\Program Files\QuickTime\qttask.exe" -atboottime
file: C:\Program Files\QuickTime\qttask.exe
size: 155648
MD5: 216B3ACC656CDA8A5A0C3071EC0A408B

Located: HK_LM:Run, SunJavaUpdateSched (DISABLED)
command: "C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe"
file: C:\Program Files\Java\jre1.5.0_12\bin\jusched.exe
size: 75520
MD5: 1CAEDEE87C1E24CFE2C29954FF40927B

Located: HK_LM:Run, SynTPEnh (DISABLED)
command: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
file: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 610304
MD5: 6EB8A26CFBB4E14CF5318CFCE37E95E7

Located: HK_LM:Run, SynTPLpr (DISABLED)
command: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
file: C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
size: 110592
MD5: 5DC0A404904FF058D0C080A48A960BF5

Located: HK_LM:RunOnce, SpybotDeletingA1520 (DISABLED)
command: command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingA6078 (DISABLED)
command: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:RunOnce, SpybotDeletingC7837 (DISABLED)
command: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_LM:RunOnce, SpybotDeletingC8521 (DISABLED)
command: cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:Run, ctfmon.exe
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, H/PC Connection Agent
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
file: C:\Program Files\Microsoft ActiveSync\wcescomm.exe
size: 1289000
MD5: 5515EB5E3A8B073F66CFC697EB0D4B55

Located: HK_CU:Run, Aim6 (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, EZ Smileys (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: "C:\Program Files\EZ Smileys\EZSmileys.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, H/PC Connection Agent (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
file: C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
size: 1289000
MD5: 5515EB5E3A8B073F66CFC697EB0D4B55

Located: HK_CU:Run, MyWebSearch Email Plugin (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB1334 (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: command /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingB7299 (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: command /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:RunOnce, SpybotDeletingD1204 (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: cmd /c del "C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE_old"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: HK_CU:RunOnce, SpybotDeletingD4307 (DISABLED)
where: S-1-5-21-776561741-1993962763-839522115-1004...
command: cmd /c del "C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL"
file: C:\WINDOWS\system32\cmd.exe
size: 388608
MD5: EEB024F2C81F0D55936FB825D21A91D6

Located: Startup (common), Quicken Scheduled Updates.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Quicken\bagent.exe
file: C:\Program Files\Quicken\bagent.exe
size: 53248
MD5: 18353951938B7E12D99C34509D640262

Located: Startup (common), Quicken Startup.lnk (DISABLED)
where: C:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: C:\Program Files\Quicken\QWDLLS.EXE
file: C:\Program Files\Quicken\QWDLLS.EXE
size: 36864
MD5: 63FDA82B02F8BB0D19411F5210ED8200

Located: Startup (user), Shortcut to explorer.lnk
where: C:\Documents and Settings\Nathan\Start Menu\Programs\Startup...
command: C:\WINDOWS\explorer.exe
file: C:\WINDOWS\explorer.exe
size: 1033216
MD5: 97BD6515465659FF8F3B7BE375B2EA87

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, urqNDUlK
command: urqNDUlK.dll
file: urqNDUlK.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
---------------------------------------------------------

Please help ASAP.
Thanks

ken545
2008-07-11, 01:56
Hello likwidmonster

Welcome to Safer Networking.

Please read Before You Post (http://forums.spybot.info/showthread.php?t=288).
That said, all advice given by anyone volunteering here is taken at your own risk.
While best efforts are made to assist in removing infections safely, unexpected things can happen.

Download Trend Micro's HijackThis (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to your desktop.
Double-click it to install.
Follow the prompts; by default it will install in C:\Program Files\Trendmicro\Hijackthis\Highjackthis.exe

Open HJT, click "Scan and Save a Log File", and the log will open in Notepad.
Go to Format and make sure Word Wrap is unchecked.
Go to Edit > Select All, then Edit > Copy, and paste the new log into this thread using Post Reply rather than starting a new thread.

DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.