Things seem to be getting better. Can't seem to shake SurfSideKick and the cmdService though. Just wont go away. Here are the logs.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:50:34 PM, 10/17/2005
+ Report-Checksum: 826E1DAF
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D52433A9-A44C-43AB-A013-24B3C756DD2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\\ -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{10D7DB96-56DC-4617-8EAB-EC506ABE6C7E}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6CDC3337-01F7-4A79-A4AF-0B19303CC0BE}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{795398D0-DC2F-4118-A69C-592273BA9C2B}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B288F21C-A144-4CA2-9B70-8AFA1FAE4B06}\TypeLib\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\PopOops2.PopOops\Clsid\\ -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\SWLAD1.SWLAD\Clsid -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0C29A75-7146-4737-98EE-BC4D7CF44AF9} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{E0D3B292-A0B0-4640-975C-2F882E039F52} -> Spyware.AdDestroyer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Virtual Bouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKLM\SOFTWARE\SafeSurfing -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\SafeSurfing\System -> Spyware.SafeSurfing : Cleaned with backup
HKU\S-1-5-21-436374069-813497703-854245398-1007\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Cleaned with backup
HKU\S-1-5-21-436374069-813497703-854245398-1007\Software\VB and VBA Program Settings\VBouncer -> Spyware.VirtualBouncer : Cleaned with backup
HKU\S-1-5-21-436374069-813497703-854245398-1007\Software\VB and VBA Program Settings\VBouncer\Settings -> Spyware.VirtualBouncer : Cleaned with backup
[760] C:\WINDOWS\System32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@as-eu.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@as1.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@casalemedia[2].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@citi.bridgetrack[1].txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@counter.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@entrepreneur.122.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@offers.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@revenue[1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@tradedoubler[2].txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@www.adtrak[2].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@www.shopathomeselect[1].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup
C:\Documents and Settings\Manycorum\Cookies\manycorum@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\5.qtdfmp -> TrojanDownloader.Small.awa : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\6.qtdfmp -> TrojanDownloader.Small.bon : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\60001.exe -> TrojanDownloader.Small.bkr : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\7.qtdfmp -> TrojanDownloader.Small.atl : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@statse.webtrendslive[2].txt -> Spyware.Cookie.Webtrendslive : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Cookies\manycorum@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\crptclrs.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Del4F.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Del59.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\f154255077.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\i2F2.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\i43.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\ist_remove.exe -> TrojanDownloader.IstBar.jt : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\maxdd.game -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\pcs_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\res50.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\Temporary Internet Files\Content.IE5\4D6R4PA3\WinFixer2005ScannerInstall[1].exe -> Not-A-Virus.Downloader.Agent.d : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\tm61030.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\~os10.tmp\ossproxy.exe -> Spyware.RK : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temp\~os10.tmp\rk.bin -> Spyware.RK : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temporary Internet Files\Content.IE5\4YACVN6S\mm63[1].ocx -> Spyware.MediaMotor : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temporary Internet Files\Content.IE5\4YACVN6S\rcverlib[1].exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temporary Internet Files\Content.IE5\8HQL6YJY\trk_0002[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Manycorum\Local Settings\Temporary Internet Files\Content.IE5\Q14GNJIJ\mm[2].js -> Spyware.Chitika : Cleaned with backup
C:\Program Files\AdDestroyer\AdDestroyer.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\Program Files\CMSystem\plugin.dll -> Spyware.CASClient : Cleaned with backup
C:\Program Files\SurfSideKick 3\SskBho.dll -> Spyware.SurfSide : Cleaned with backup
C:\Program Files\Symroxio\AI_13-10-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\Symroxio\AI_14-10-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\Symroxio\AI_15-10-2005.log -> Backdoor.Wiaatl : Cleaned with backup
C:\Program Files\VBouncer\VirtualBouncer.exe -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\mm63.ocx -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\offun.exe -> TrojanDownloader.VB.hw : Cleaned with backup
C:\WINDOWS\system32\93_app13.exe -> TrojanDropper.Agent.xw : Cleaned with backup
C:\WINDOWS\system32\APD123.exe -> Spyware.Pacer : Cleaned with backup
C:\WINDOWS\system32\dist001.exe -> TrojanDownloader.Agent.qg : Cleaned with backup
C:\WINDOWS\system32\ichckupd.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\italavlb.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\kpd4dx.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\system32\mmxdoubleexe.exe -> TrojanDownloader.VB.jl : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\nsq2FA.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\PopOops.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\PopOops2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\quyby.dat -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\sav2.exe -> TrojanDownloader.Agent.vp : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\system32\SWLAD1.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\SWLAD2.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\TWFueWNvcnVt\asappsrv.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\TWFueWNvcnVt\command.exe -> Adware.CommAd : Cleaned with backup
::Report End
Log of AproposFix v1
************
Running from directory:
C:\Documents and Settings\Manycorum\Desktop\aproposfix
************
Registry entries found:
[HKEY_LOCAL_MACHINE\Software\CsiT2ADshX4m]
"Device"="\\\\.\\c06AX6gu"
"DriverPath"="C:\\WINDOWS\\System32\\drivers\\dxankspx.sys"
"DriverName"="DnsMup"
"HideUninstallerName"="C:\\Program Files\\Symroxio\\ntzwrstr.exe"
"HDll"="C:\\WINDOWS\\System32\\sfcsvinn.dll"
"ServerAddress"="adchannel.contextplus.net"
"LegalNote"="
http://adchannel.contextplus.net/legal-note/nonbranded.html""PartnerId"="CP.SAV2"
"InstallationId"="{X38c7c2d-b563-2290-ca40-fd10ed3d172c}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Symroxio\\infgcdef.exe"
"AutoUpdater"="C:\\WINDOWS\\System32\\mllrecst.exe"
"Version"="2.0.100"
"LastAURestoreMsgTS"="2005:10:03-02:42:06:204"
@="mINvPKVWWVWWXW7Zfj2fBPVWWVlYW1rwmx1\\W\\TNO9HcbW8MDQ9MNW8S5IFNKSXNTN"
--
[HKEY_LOCAL_MACHINE\Software\Aprps]
[HKEY_LOCAL_MACHINE\Software\Aprps\Client]
"PartnerId"="WB.VER2"
************
Removing hidden service:
Service DnsMup removed.
Removing hidden folder:
Deletion of folder Symroxio succeeded!
Deleting files:
Deletion of file C:\WINDOWS\System32\drivers\dxankspx.sys succeeded!
Deletion of file C:\WINDOWS\System32\mllrecst.exe succeeded!
Deletion of file C:\WINDOWS\System32\sfcsvinn.dll succeeded!
Backing up files:
Done!
Removing registry entries:
REGEDIT4
[-HKEY_CURRENT_USER\Software\CsiT2ADshX4m]
[-HKEY_CURRENT_USER\Software\Aprps]
[-HKEY_LOCAL_MACHINE\Software\CsiT2ADshX4m]
[-HKEY_LOCAL_MACHINE\Software\Aprps]
Done!
Finished!
Logfile of HijackThis v1.99.1
Scan saved at 6:17:28 PM, on 10/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\System Files\System.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.go2realsearch.com/sp2.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://www.go2realsearch.com/sp2.phpR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
http://www.go2realsearch.com/sp2.phpR3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNOTIFY.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [CMSystem] "C:\Program Files\CMSystem\CMSystem.exe"
O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: AdDestroyer.lnk = C:\Program Files\AdDestroyer\AdDestroyer.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
http://go.microsoft.com/fwlink/?linkid=39204O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -
http://www.bitdefender.com/scan8/oscan8.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -
http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO18 - Filter: text/html - {8253D547-38DD-4325-B35A-F1817EDFA5F5} - C:\Program Files\System Files\plugin.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\TWFueWNvcnVt\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe