HELP with DMSetup Trojan & Possibly Remote Storm

MW FOUND THINGS - part II

it seemed to find a lot when it was scanning the registry...

i'll post the rest when it's done...

thank you!
 
Viruses & Worms Found - Part 1

hi,

i just got home from work - i left it running all day while i was gone...anyway, it found a LOT of viruses, worms, trojan downloaders, keyloggers & a couple of browser hijackers, but from what i can tell, they're all quarantined in norton, so they shouldn't pose a problem, should they? anyway, here's the log broken down:

 
Part 2

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q815485". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817287". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q817606". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Q828026". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "QuickTime". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "Rock and Roll JEOPARDY!". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "S3Display". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "S3Gamma2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "S3Info2". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "S3Overlay". Action Taken: No Action Taken.
 
Part 3

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "ScreensaversInstaller". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{1A655D51-1423-48A3-B748-8F5A0BE294C8}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{45EBDA59-D33B-433A-956E-B2F236468B56}". Action Taken: No Action Taken.
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" refers to invalid object "{AC76BA86-7AD7-1033-7B44-000000000001}". Action Taken: No Action Taken.
File C:\hp\bin\KillWind.exe tagged as not-a-virus:RiskTool.Win32.PsKill.p. No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02891BE8.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\02CE5F9C.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\030E3D00.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\03A000A8.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\040676AF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\046B1D42.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\059E4ECE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\07EA3F7F tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\08D967BC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\08EF0DA3.dll infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\08F6619B.tmp infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09005F91.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0903098D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0906338A.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0906338A.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\090A5D86.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\090D0782.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0910317F.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0910317F.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09135B7B.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09135B7B.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09170578.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\091A2F74.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\091D5970.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\091D5970.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0920036D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0920036D.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09242D69.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09242D69.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09275766.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09275766.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\092A0162.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09A63CD9.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09AA66D6.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09AA6DE4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09AD10D2.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09B03ACF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09B03ACF.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09B364CB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09B364CB.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09B70EC7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09BA38C4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09BA38C4.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09BD62C0.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09C00CBD.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09C436B9.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09C760B5.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09CA0AB2.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09CE34AE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09CE34AE.pif infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09CE34AE.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09D15EAB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09D15EAB.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09D408A7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09D408A7.scr infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09D732A4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\09EF3198.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0D9F1B3A.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0EA75DDB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F303CA7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0F9632AE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\0FA62DD3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\109411D3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10A57DCA.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\10CA3FE0.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\110F0394.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\112F0ACC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\119500D4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\11A44DC2.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\12A31DBA.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\14F433C9.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\16FF042B.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\17EA11DB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\182F5590.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1B276EAD.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CBC0663.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1CBF46CB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1D253CD2.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\1F0A63D7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\211C285A.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2285013E.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\22BE77B8.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
 
part 5

File C:\Program Files\Norton AntiVirus\Quarantine\23180112.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\232878BC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\23AC00E6.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\25680062.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\262F399F.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\26B72AAB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\27881AB3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\28917D07.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\28B678D1.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\29914CFF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2A901CF7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2AD42B3F.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2B196EF3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2B8F6CEF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2D451CEB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2D8D0CDF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\2F506D4D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\31F47D3A.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\321A48B7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\323940EF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\324766AA.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\33B00F43.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\33B418B1.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\344634D0.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\355B69EF.exe infected by "Net-Worm.Win32.Protoride.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\39144F36.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\395912EB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3B7961DE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3DD822A9.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3E3E18B0.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FD670CE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\3FD903D4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\40352132.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\407A64E7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\41B777F4.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\41E86916 infected by "Net-Worm.Win32.Padobot.h" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4373776F.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\44077743.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\449B7717.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\454D095A infected by "Backdoor.Win32.Rbot.gen" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\46577693.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4755732E.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\47A1566E.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49685EA7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49CE54AF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\49D23F55.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4B672CCD.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4C433716.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4E2775DF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\4F2645D7.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\502515CF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\512565C6.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\522435BE.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\531E3A95.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\532305B6.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\53637E4A.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\53CA4AFF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\555E10AD.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\56F768CC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\575D5ED3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\582A6CF6.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5A3F0C91.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5A4C7E3F infected by "Trojan-Spy.Win32.GhostKeyLogger.c" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5A845046.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\5FF23F90.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\60EF4CAC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\615F5E8D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\61A42242.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\62ED1AD2.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\641A5BDC.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\64526186.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\67134513.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\687F3089.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\68C4743D.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\69116503.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6B0F04F3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6C1B3421.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6C7F08AB.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6D0E24E3.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E0D74DA.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6E7E56D0.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\6FA00285.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\707A5617.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7258348C.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\75C87673.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\780F44A9.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\784328B1.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7A0E12CF.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File C:\Program Files\Norton AntiVirus\Quarantine\7CA34AA8.exe infected by "Email-Worm.Win32.NetSky.q" Virus! Action Taken: No Action Taken.
File D:\Documents and Settings\Savina\Desktop\pumpkinpatch01.exe tagged as "not-a-virus:AdWare.Win32.Quick.a". Action Taken: No Action Taken.
File D:\Documents and Settings\Savina\Desktop\wcfautumnwoods.exe tagged as "not-a-virus:AdWare.Win32.Quick.a". Action Taken: No Action Taken.
File D:\Documents and Settings\Savina\Desktop\wcfgoldenwoods.exe tagged as "not-a-virus:AdWare.Win32.Quick.a". Action Taken: No Action Taken.
File D:\Local Disk (F)\WINDOWS2\SYSTEM\Comet\Bin\comet.exe tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\Local Disk (F)\WINDOWS2\SYSTEM\Comet\Bin\csctx.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\Local Disk (F)\WINDOWS2\SYSTEM\Comet\Bin\cseng.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\Local Disk (F)\WINDOWS2\SYSTEM\Comet\Bin\csip.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\Local Disk (F)\WINDOWS2\SYSTEM\Comet\Bin\skinui.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\RECYCLER\NPROTECT\00000000. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File D:\RECYCLER\NPROTECT\00000001. infected by "BkCln.Unknown" Virus! Action Taken: No Action Taken.
File D:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP618\A0153213.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\System Volume Information\_restore{BC9F3C70-F33F-48FB-93C7-198E1A9B1607}\RP618\A0153214.dll tagged as "not-a-virus:AdWare.Win32.Comet.w". Action Taken: No Action Taken.
File D:\WINDOWS\system32\cmd.ftp infected by "Trojan-Downloader.BAT.Ftp.cq" Virus! Action Taken: No Action Taken.
File C:\hp\bin\KillWind.exe tagged as not-a-virus:RiskTool.Win32.PsKill.p. No Action Taken.
 
Oehook.exe

sorry to have posted the whole infected list again, but i didn't know where
the partial one i sent you ended, so i didn't want to miss anything.

like i said before, i have a presario (c:) drive, a local disk (d:) drive and a PRESARIO_RP (E:) drive...do i need to run the MWAV & WINPFIND scans for each of the drives?? MWAV took a total of 21 hours for my c: drive...i will if i need to - just please let me know.

i'll run the WINPFIND tonight when i go to bed & i'll post the log tomorrow...

also, lately my outlook has been hanging up & it says that some program won't let it close...i've been checking my windows task manager for any strange programs lately & i noticed a few i haven't noticed before...i don't remember what the others are, but one is called OEHOOK.exe....i didn't see it on the MWAV scan...

thank you again for the help!

have a good weekend!
 
Emptying Norton's Quarantine

how do i empty norton's quarantine? is it possible for quarantined items to still be used by remote systems?

sorry - i'll post the winpfind list here tomorrow... thank you!!
 
hi

no, items in norton's quarantine are locked, and not available
open NAV > manage quarantine > empty it (delete all items)

there were signs of malware, but those seem to be mostly leftovers. the winpfind log will reveal if any of those are active..
 
Results Of Winpfind

hi,

i'm going to have to post the log in a few messages since it's so long, but i have a question - we've been checking my c drive, but i have another drive, a d drive - a friend of mine installed it for me after my old computer crashed. should i run these scans on those drives also? thank you! here's the 1st part of the log:


»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Logfile created on: 10/1/2006 8:23:05 PM
WinPFind v1.5.0 Folder = C:\WinPFind\WinPFind\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 8/28/2004 8:20:58 PM 121143984 C:\pain shop pro 8.exe (Jasc Software Inc )
WSUD 8/28/2004 8:20:58 PM 121143984 C:\pain shop pro 8.exe (Jasc Software Inc )

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\LPT$VPN.675 ()
qoologic 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\LPT$VPN.675 ()
SAHAgent 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\LPT$VPN.675 ()
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll ()
UPX! 8/22/2006 4:45:08 PM 176709 C:\WINDOWS\tsc.exe (Trend Micro Inc.)
PECompact2 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\VPTNFILE.675 ()
qoologic 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\VPTNFILE.675 ()
SAHAgent 8/22/2006 4:45:04 PM 21786153 C:\WINDOWS\VPTNFILE.675 ()
UPX! 8/22/2006 4:45:06 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)
aspack 8/22/2006 4:45:06 PM 1077328 C:\WINDOWS\vsapi32.dll (Trend Micro Inc.)

Checking %System% folder...
WSUD 9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
PEC2 8/29/2002 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc ()
UPX! 2/26/2005 2:01:40 PM 174080 C:\WINDOWS\SYSTEM32\ExMenu.dll (Exontrol Inc.)
UPX! 2/26/2005 2:01:38 PM 113152 C:\WINDOWS\SYSTEM32\ExPMenu.dll (Exontrol Inc.)
UPX! 2/26/2005 2:01:40 PM 202240 C:\WINDOWS\SYSTEM32\ExTab.dll (Exontrol Inc.)
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll (Microsoft Corporation)
PECompact2 9/11/2006 10:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 9/11/2006 10:37:22 AM 8960936 C:\WINDOWS\SYSTEM32\MRT.exe (Microsoft Corporation)
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll (Microsoft Corporation)
WSUD 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll (Microsoft Corporation)
winsync 8/29/2002 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu ()
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe (Microsoft Corporation)

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys (Smart Link)

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/1/2006 8:21:48 PM S 2048 C:\WINDOWS\bootstat.dat ()
9/27/2006 7:37:12 PM H 54156 C:\WINDOWS\QTFont.qfn ()
8/21/2006 6:00:10 AM S 11749 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB922582.cat ()
9/18/2006 7:40:26 AM S 8847 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB925486.cat ()
10/1/2006 8:21:40 PM H 8192 C:\WINDOWS\system32\config\default.LOG ()
10/1/2006 8:22:14 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG ()
10/1/2006 8:21:50 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG ()
10/1/2006 8:22:16 PM H 86016 C:\WINDOWS\system32\config\software.LOG ()
10/1/2006 8:21:56 PM H 1085440 C:\WINDOWS\system32\config\system.LOG ()
9/14/2006 5:43:16 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG ()
8/21/2006 5:10:46 PM S 688 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5 ()
9/30/2006 10:11:46 AM S 14760 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\6C68A73125F3238F044A8115D96841B6 ()
9/20/2006 9:01:34 AM S 7652 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C ()
9/30/2006 10:11:30 AM S 70226 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\F482C95F83F1B59228F1B1E720F2EDF1 ()
8/21/2006 5:10:46 PM S 94 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5 ()
9/30/2006 10:11:46 AM S 132 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\6C68A73125F3238F044A8115D96841B6 ()
9/20/2006 9:01:34 AM S 134 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C ()
9/30/2006 10:11:30 AM S 128 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\F482C95F83F1B59228F1B1E720F2EDF1 ()
8/7/2006 9:05:14 AM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\d3c3b4cf-f00f-4487-9651-dfe5a054f679 ()
8/7/2006 9:05:14 AM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\Preferred ()
8/11/2006 11:09:52 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\f76bf291-0646-4d01-bef3-c2509675a78d ()
8/11/2006 11:09:52 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred ()
10/1/2006 8:19:54 PM H 6 C:\WINDOWS\Tasks\SA.DAT ()

Checking for CPL files...
8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl (Microsoft Corporation)
9/20/2004 4:20:44 PM 16121856 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl (Microsoft Corporation)
4/7/2003 7:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl (Intel Corporation)
5/26/2003 5:12:14 AM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl (Ahead Software AG)
8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl (Microsoft Corporation)
11/10/2005 1:03:50 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl (Sun Microsystems, Inc.)
8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl (Microsoft Corporation)
8/19/2003 2:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl (NVIDIA Corporation)
8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl (Microsoft Corporation)
8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl (Microsoft Corporation)
8/29/2002 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl (Microsoft Corporation)
5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl (Microsoft Corporation)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL (Realtek Semiconductor Corp.)
4/7/2003 7:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl (Intel Corporation)
2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\ReinstallBackups\0016\DriverFiles\ALSNDMGR.CPL (Realtek Semiconductor Corp.)

Checking for Downloaded Program Files...
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - QuickTime Object - CodeBase = http://www.apple.com/qtactivex/qtplugin.cab
{04E214E5-63AF-4236-83C6-A7ADCBF9BD02} - HouseCall Control - CodeBase = http://housecall60.trendmicro.com/housecall/xscan60.cab
{08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM - CodeBase = https://www.topproduceronline.com/downloads/msjavx86.exe
{09C6CAC0-936E-40A0-BC26-707480103DC3} - shizmoo Class - CodeBase = http://www.uproar.com/applets/activex/shizmoo/flipside_web18.cab
{17492023-C23A-453E-A040-C7C580BBF700} - Windows Genuine Advantage Validation Tool - CodeBase = http://go.microsoft.com/fwlink/?linkid=39204
{2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} - Symantec AntiVirus scanner - CodeBase = http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
{30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - YInstStarter Class - CodeBase = http://download.yahoo.com/dl/installs/yinst0401.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - BDSCANONLINE Control - CodeBase = http://download.bitdefender.com/resources/scan8/oscan8.cab
{644E432F-49D3-41A1-8DD5-E099162EEEC5} - Symantec RuFSI Utility Class - CodeBase = http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
{74D05D43-3236-11D4-BDCD-00C04F9A3B61} - HouseCall Control - CodeBase = http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
{8569D715-FF88-44BA-8D1D-AD3E59543DDE} - ActiveReports Viewer2 - CodeBase = https://www.topproduceronline.com/Downloads/arview2.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} - ActiveScan Installer Class - CodeBase = http://acs.pandasoftware.com/activescan/as5free/asinst.cab
{B9191F79-5613-4C76-AA2A-398534BB8999} - YAddBook Class - CodeBase = http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - Java Plug-in 1.4.2 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - Java Plug-in 1.4.2_05 - CodeBase = http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - Java Plug-in 1.5.0_05 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - Java Plug-in 1.5.0_06 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} - - CodeBase = http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{F7A05BAC-9778-410A-9CDE-BFBD4D5D2B7F} - iPIX Media Send Class - CodeBase = http://216.249.24.60/code/iPIX-ImageWell-ipix.cab
JT's Blocks - - CodeBase = http://download.games.yahoo.com/games/clients/y/blt1_x.cab
Microsoft XML Parser for Java - - CodeBase = file://C:\WINDOWS\Java\classes\xmldso.cab
Yahoo! Spelldown - - CodeBase = http://download.games.yahoo.com/games/clients/y/sdt1_x.cab
Yahoo! Towers 2.0 - - CodeBase = http://download.games.yahoo.com/games/clients/y/ywt0_x.cab
Yahoo! Word Racer - - CodeBase = http://download.games.yahoo.com/games/clients/y/wt1_x.cab

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
8/17/2004 10:06:52 PM 1971 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ()
8/21/2006 6:34:44 PM 1810 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk ()
10/11/2003 3:16:08 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
8/17/2004 7:22:50 PM 571 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk ()
10/11/2003 4:31:20 AM 1808 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ()
8/24/2006 12:47:36 PM 673 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PayPal Plug-In for Outlook Express.lnk ()
10/11/2003 5:16:42 AM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk ()

Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/10/2003 8:10:12 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini ()
10/11/2003 4:35:18 AM 534 C:\Documents and Settings\All Users\Application Data\hpzinstall.log ()

Checking files in %USERPROFILE%\Startup folder...
10/11/2003 3:16:08 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()
10/14/2003 6:35:06 AM 817 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk ()

Checking files in %USERPROFILE%\Application Data folder...
10/10/2003 8:10:12 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini ()

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

>>> Internet Explorer Settings <<<


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.comcast.net/
\\Search Page -
\\Local Page - %SystemRoot%\system32\blank.htm

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main]
\\Start Page - http://www.yahoo.com/
\\Local Page - C:\WINDOWS\system32\blank.htm

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
\\CustomizeSearch - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
\\SearchAssistant - http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
\\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Microsoft Url Search Hook = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

>>> BHO's <<<
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - Adobe PDF Reader Link Helper = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
\{53707962-6F74-2D53-2644-206D7942484F} - = C:\PROGRA~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - SSVHelper Class = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
\{BDF3E430-B101-42AD-A544-FADC6B084872} - CNavExtBho Class = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

>>> Internet Explorer Bars, Toolbars and Extensions <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{4D5C8C25-D075-11d0-B416-00C04FB90376} - &Tip of the Day = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
\{32683183-48a0-441b-a342-7c2a440a9478} - = ()
\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - = ()
\{BDEADE7F-C265-11D0-BCED-00A0C90AB50F} - &Discuss = shdocvw.dll (Microsoft Corporation)
\{EFA24E61-B078-11D0-89E4-00C04FC9E26E} - Favorites Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
\{EFA24E62-B078-11D0-89E4-00C04FC9E26E} - History Band = %SystemRoot%\System32\shdocvw.dll (Microsoft Corporation)
 
Winpfind Log Part 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - Norton AntiVirus = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\ShellBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{01E04581-4EEE-11D0-BFE9-00AA005B4383} - &Address = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\WebBrowser\\{0E5CBF21-D15F-11D0-8301-00AA005B4383} - &Links = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping]
\\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - 8192 = Sun Java Console
\\NEXTID - 8201
\\{4528BBE0-4E08-11D5-AD55-00010333D0AD} - 8193 =
\\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - 8194 =
\\{FB5F1910-F110-11d2-BB9E-00C04F795683} - 8196 = Windows Messenger
\\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - 8197 =
\\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - 8198 =
\\{97809617-3937-4F84-B335-9BB05EF1A8D4} - 8199 =
\\{85d1f590-48f4-11d9-9669-0800200c9a66} - 8200 = Uninstall BitDefender Online Scanner v8

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll (Sun Microsystems, Inc.)
\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - MenuText: Sun Java Console = C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)(HKCU CLSID)
\{669B269B-0D4E-41FB-A3D8-FD67CA94F646} - ButtonText: ComcastHSI = http://www.comcast.net/ ()
\{85d1f590-48f4-11d9-9669-0800200c9a66} - MenuText: Uninstall BitDefender Online Scanner v8 = ()
\{8828075D-D097-4055-AA02-2DBFA9D85E8A} - ButtonText: Support = http://www.comcastsupport.com/ ()
\{92780B25-18CC-41C8-B9BE-3C9C571A8263} - ButtonText: Research =
\{97809617-3937-4F84-B335-9BB05EF1A8D4} - ButtonText: Help = http://online.comcast.net/help/ ()
\{FB5F1910-F110-11d2-BB9E-00C04F795683} - ButtonText: Messenger = C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

>>> Approved Shell Extensions (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
\\{42071714-76d4-11d1-8b24-00a0c9068ff3} - Display Panning CPL Extension = deskpan.dll ()
\\{764BF0E1-F219-11ce-972D-00AA00A14F56} - Shell extensions for file compression = ()
\\{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} - Encryption Context Menu = ()
\\{88895560-9AA2-1069-930E-00AA0030EBC8} - HyperTerminal Icon Ext = C:\WINDOWS\System32\hticons.dll (Hilgraeve, Inc.)
\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} - Taskbar and Start Menu = ()
\\{32683183-48a0-441b-a342-7c2a440a9478} - Media Band = ()
\\{7A9D77BD-5403-11d2-8785-2E0420524153} - User Accounts = ()
\\{DEE12703-6333-4D4E-8F34-738C4DCC2E04} - RecordNow! SendToExt = c:\Program Files\RecordNow!\shlext.dll (Sonic Solutions)
\\{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - Shell Extensions for RealOne Player = C:\Program Files\Real\RealPlayer\rpshell.dll (RealNetworks, Inc.)
\\{7F67036B-66F1-411A-AD85-759FB9C5B0DB} - SampleView = C:\WINDOWS\System32\ShellvRTF.dll (XSS)
\\{1CDB2949-8F65-4355-8456-263E7C208A5D} - Desktop Explorer = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{1E9B04FB-F9E5-4718-997B-B8DA88302A47} - Desktop Explorer Menu = C:\WINDOWS\System32\nvshell.dll (NVIDIA Corporation)
\\{5464D816-CF16-4784-B9F3-75C0DB52B499} - Yahoo! Mail = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)
\\{A4DF5659-0801-4A60-9607-1C48695EFDA9} - Share-to-Web Upload Folder = C:\Program Files\Hewlett-Packard\HP Share-to-Web\HPGS2WNS.DLL (Hewlett-Packard)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

>>> Context Menu Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\TheCleaner - {2DE506B9-4320-11d3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development)
\Yahoo! Mail - {5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi.dll (Yahoo! Inc.)

[HKEY_LOCAL_MACHINE\Software\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers]

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers]
\ewido anti-spyware - {8934FCEF-F5B8-468f-951F-78A921CD3920} = C:\Program Files\ewido anti-spyware 4.0\context.dll (Anti-Malware Development a.s.)
\TheCleaner - {2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development)

[HKEY_LOCAL_MACHINE\Software\Classes\Directory\BackGround\shellex\ContextMenuHandlers]
\igfxcui - {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} = C:\WINDOWS\System32\igfxpph.dll (Intel Corporation)

[HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers]
\Symantec.Norton.Antivirus.IEContextMenu - {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = c:\Program Files\Norton AntiVirus\NavShExt.dll (Symantec Corporation)
\TheCleaner - {2DE506B9-4320-11D3-8E42-002035221EDA} = C:\Program Files\The Cleaner\tcshellex.dll (MooSoft Development)

>>> Column Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
\{F9DB5320-233E-11D1-9F84-707F02C10627} - PDF Column Info = C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll (Adobe Systems, Inc.)

>>> Registry Run Keys <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv - c:\windows\system\hpsysdrv.exe (Hewlett-Packard Company)
HotKeysCmds - C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
HPHUPD05 - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe ()
HPHmon05 - C:\WINDOWS\System32\hphmon05.exe (Hewlett-Packard)
KBD - C:\HP\KBD\KBD.EXE (Hewlett-Packard Company)
UpdateManager - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
Recguard - C:\WINDOWS\SMINST\RECGUARD.EXE ()
VTTimer - C:\WINDOWS\SYSTEM32\VTTimer.exe (S3 Graphics, Inc.)
ccApp - c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
LTMSG - C:\WINDOWS\LTMSG.exe (Agere Systems)
PS2 - C:\WINDOWS\system32\ps2.exe (Hewlett-Packard Company)
ccRegVfy - c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe (Symantec Corporation)
NeroCheck - C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
SunJavaUpdateSched - C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
HPDJ Taskbar Utility - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb08.exe (HP)
Share-to-Web Namespace Daemon - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
QuickTime Task - C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
TkBellExe - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
tcactive - C:\Program Files\The Cleaner\tca.exe (MooSoft Development)
tcmonitor - C:\Program Files\The Cleaner\tcm.exe (MooSoft Development)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
RecordNow! - Reg Data missing or invalid ()
NVIEW - C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation)
Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe (Symantec Corporation)
Yahoo! Pager - C:\Program Files\Yahoo!\Messenger\ypager.exe (Yahoo! Inc.)
MoneyAgent - C:\Program Files\Microsoft Money\System\mnyexpr.exe (Microsoft Corp.)
ctfmon.exe - C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

>>> Startup Links <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Common Startup]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk - C:\Program Files\Broderbund\PrintMaster\PMremind.exe (Broderbund Properties LLC)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PayPal Plug-In for Outlook Express.lnk - C:\Program Files\PayPal\Payment Wizard\Outlook Express\OEHook.exe (A1-Technology)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk - C:\Program Files\Quicken\bagent.exe (Intuit Inc.)

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\\Startup]
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini ()
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk - C:\Program Files\interMute\SpamSubtract\SpamSub.exe (interMute, Inc.)

>>> MSConfig Disabled Items <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
 
Winpfind Log Part 3

[All Users Startup Folder Disabled Items]

[Current User Startup Folder Disabled Items]

>>> User Agent Post Platform <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
\\SV1 -

>>> AppInit Dll's <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs]

>>> Image File Execution Options <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
\Your Image File Name Here without a path - Debugger = ntsd -d

>>> Shell Service Object Delay Load <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
\\PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll (Microsoft Corporation)
\\WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll (Microsoft Corporation)
\\SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll (Microsoft Corporation)

>>> Shell Execute Hooks <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} - URL Exec Hook = shell32.dll (Microsoft Corporation)
\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} - CShellExecuteHookImpl Object = C:\Program Files\ewido anti-spyware 4.0\shellexecutehook.dll (Anti-Malware Development a.s.)

>>> Shared Task Scheduler <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
\\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)
\\{8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon = %SystemRoot%\System32\browseui.dll (Microsoft Corporation)

>>> Winlogon <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
\\UserInit = C:\WINDOWS\system32\userinit.exe,
\\Shell = Explorer.exe
\\System =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
\crypt32chain - crypt32.dll = (Microsoft Corporation)
\cryptnet - cryptnet.dll = (Microsoft Corporation)
\cscdll - cscdll.dll = (Microsoft Corporation)
\ScCertProp - wlnotify.dll = (Microsoft Corporation)
\Schedule - wlnotify.dll = (Microsoft Corporation)
\sclgntfy - sclgntfy.dll = (Microsoft Corporation)
\SensLogn - WlNotify.dll = (Microsoft Corporation)
\termsrv - wlnotify.dll = (Microsoft Corporation)
\WgaLogon - WgaLogon.dll = (Microsoft Corporation)
\wlballoon - wlnotify.dll = (Microsoft Corporation)

>>> DNS Name Servers <<<
{10A3CF4F-5989-4267-BD20-2FF788D5EE2A} - (Linksys Wireless-B USB Network Adapter v2.8)
{2C0AE951-2323-4604-83D8-D9FC5A43ECB4} - (Linksys Wireless-B USB Network Adapter v2.8)
{7B2FAAE3-1C21-4CD0-B861-8F5C172DAE44} - (1394 Net Adapter)
{BA2AB463-5919-4669-A7F4-A397D431C3AB} - ()
{E8FC57F0-A3C5-4566-B0AF-580A5AA907AC} - (VIA Rhine II Fast Ethernet Adapter)

>>> All Winsock2 Catalogs <<<
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries]
\000000000001\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
\000000000002\\LibraryPath - %SystemRoot%\System32\winrnr.dll (Microsoft Corporation)
\000000000003\\LibraryPath - %SystemRoot%\System32\mswsock.dll (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]
\000000000001\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000002\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000003\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000004\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000005\\PackedCatalogItem - %SystemRoot%\system32\rsvpsp.dll (Microsoft Corporation)
\000000000006\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000007\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000008\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000009\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000010\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000011\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000012\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000013\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000014\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000015\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000016\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000017\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000018\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)
\000000000019\\PackedCatalogItem - %SystemRoot%\system32\mswsock.dll (Microsoft Corporation)

>>> Protocol Handlers (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler]
\ipp - ()
\msdaipp - ()

>>> Protocol Filters (Non-Microsoft Only) <<<
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter]

>>> Selected AddOn's <<<


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
 
in my "all winsock2 catalogs" area, there's an entry called:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries]

i looked on symantec & it said that it's related to trojan.redfall

here's the symantec page:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-101217-0310-99&tabid=3

and this file: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs] is listed on symantec as the WORM_STRATION.BB

here's the page on that one:

http://www.symantec.com/security_response/writeup.jsp?docid=2006-091012-5303-99&tabid=1

the file: \\{438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader = %SystemRoot%\System32\browseui.dll (under the heading "shared task scheduler") is listed with symantec as being W32.Dinoxi.B

here's its symantec page: http://www.symantec.com/security_response/writeup.jsp?docid=2005-121100-2605-99&tabid=2

i don't know if any of this info helps you, but i figured it wouldn't hurt to give you the info.

i don't remember which file it was connected to on my log, but i also found W32.Mydoom.G@mm

here's the symantec page:

http://www.symantec.com/security_response/writeup.jsp?docid=2004-030213-0918-99&tabid=2

and Backdoor.Sedepex

symantec page:

http://www.symantec.com/security_response/writeup.jsp?docid=2005-103109-2236-99&tabid=3

and the file: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\CmdMapping] is listed as being Adware.Sidefind, which comes bundled with Trojan.ISTsvc

IS IT POSSIBLE TO HAVE THIS MANY TROJANS & WORMS ON MY COMPUTER???

and the SAHAGENT files are Trackware.SAHAgent

here's the symantec page:

http://www.symantec.com/security_response/writeup.jsp?docid=2003-110817-3117-99

okay, wait a minute - there are just so many that i can't possibly have this much malware on my computer, can i??? my old roommate used to download music onto my computer all the time on kazaa....it was tagged a few months ago by one of my anti-spyware programs & one of the files was deleted, so it doesn't work anymore, but i haven't uninstalled it. i'm going to do that right now....
 
those are perfectly normal windows reg values which are modified by malware. none of those are there.
the scans picked up some malware files, but none of those seem to be active.

i'll post some suggestions later when i get back from work
 
Malware Files

okay great....the csrss.exe file is active on my computer all the time, if that matters...

so none of the malware is active then? so i shouldn't worry about the ports that are active?
 
c:\windows\system32\csrss.exe is = client server runtime sub system by microsoft, a vital component of windows xp/2000 operating systems

the exontrol files are listed because those are upx packed, but those are not listed anywhere as loaded dlls

i would like to take a look at some files there if possible.

namely these:
C:\WINDOWS\SYSTEM32\ExMenu.dll
C:\WINDOWS\SYSTEM32\ExPMenu.dll
C:\WINDOWS\SYSTEM32\ExTab.dll

could you scan them at http://virusscan.jotti.org
scan them one at a time, post results here thank you

as far as opened ports go, the key is to disable unnecessary services and programs.. when the programs/services opening the ports are closed the port will close too
 
Results From Virusscan.jotti.org

okay, here are the results of the scan:

File: ExMenu.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 dc1771f3a59641b0f0bfb774b0730bd1
Packers detected: UPX
Scanner results

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

____________________________________________________

File: ExPMenu.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 640da7a6c1da1d2a525d98c8ff32e46a
Packers detected:
UPX

Scanner results

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing

_____________________________________________________

File: ExTab.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 6363a268deb0a5310904b6041173ce30
Packers detected:
UPX
Scanner results

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
____________________________________________________
also, you mentioned 2 things that i have questions about:

1. you said that, regarding the open ports, i should disable unnecessary services & programs. how do i do that?

2. you said that some of the files were malware that doesn't seem to be active. can i get rid of the malware anyway, just so that it can never be activated?

thank you!!
 
Scan Results Part II

RMAgentOutput.dll
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 d5ed81b5764e618d99a627df4e49de2c
Packers detected:
UPX
Scanner results

AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VirusBuster Found nothing
VBA32 Found nothing
 