Here are the logs. Some notes:
1) I don't think the Kill2Me worked. It said that it did not find evidence of any infection and asked me if I wanted to continue..which I did and it said it had removed any infection if it was there. I ran CWShredder as a double check and that program found the VX2.Look2ME pest still present. I tried to have it removed upon reboot but the same issue occured as in my previous post.
2) Of the file you asked me to the delete, the only one present was the ppdx5032.dll. I could not delete it as is, in Safe Mode, or even using KILLBOX (from one of your previous posts). KILLBOX seemed like it was going to work but it never followed through on the reboot.
thanks for the continued help....is this amount of cleanup normal or am I just luck :)
Logfile of HijackThis v1.99.1
Scan saved at 10:32:37 PM, on 8/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\WINDOWS\System32\zuuzzgs.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\System32\halpum.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
C:\Program Files\Kodak\KODAK Picture Transfer Software\pts.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\UAService7.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qus9.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-qus9.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://qus9.hpwis.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
R3 - URLSearchHook: sextension - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\Downloaded Program Files\sextension.dll (file missing)
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: XBTB01658 - {38A15633-D04F-4bed-A8D0-DF1D687D1F7E} - C:\WINDOWS\DOWNLO~1\SEXTEN~1.DLL (file missing)
O3 - Toolbar: (no name) - {86227D9C-0EFE-4f8a-AA55-30386A3F5686} - (no file)
O3 - Toolbar: sextension - {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} - C:\WINDOWS\Downloaded Program Files\sextension.dll (file missing)
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [QuickFinder Scheduler] "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [hplampc] C:\WINDOWS\system32\hplampc.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Io02RRM3V] atrivs.exe
O4 - HKCU\..\Run: [kbdsp] C:\WINDOWS\System32\kbdsp.exe
O4 - Startup: Compaq Organize.lnk = ?
O4 - Startup: spamsubtract.lnk = C:\Program Files\interMute\SpamSubtract\SpamSubtract.exe
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\1940576\Program\BackWeb-1940576.exe
O4 - Global Startup: KODAK Picture Transfer Software.lnk = ?
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\KODAK\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - ms-its:mhtml:file://c:\nesunex.mht! http://snipernet.us/ext1/ysa.chm::/ysb_regular.cab
O16 - DPF: {CC8C8F4F-F2E8-404B-A43D-5CC57876A008} (sextension) - ms-its:mhtml:file://c:\sxtens.mht! http://bar.sxload.com/data/sxt.chm::/sextension.cab
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\ppdx5032.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:41:53 PM, 8/12/2005
+ Report-Checksum: 45486886
+ Scan result:
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\BrowserHelperObject.BAHelper\CurVer -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38601801-2FF5-4A62-95DA-D2007161C1B4} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{03B800F9-2536-4441-8CDA-2A3E6D15B4F8} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1C01D150-91A4-4DE0-9BF8-A35D1BDF1001} -> Spyware.SafeSurfing : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{4FE82BA0-9335-4D4E-8E98-76409A88F2C1} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{ACE5B10B-92A3-4103-8583-3684BB09409F} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DFBCC1EB-B149-487E-80C1-CC1562021542} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder\CLSID -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\SideFind.Finder\CurVer -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{40B1D454-9CA4-43CC-86AA-CB175EAC52FB} -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{487E7682-B976-41FB-A944-E8B83689A454} -> Spyware.TopConverting : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EE12B71-AA5E-45EC-8666-2DB3AD3FDF44} -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D0288A41-9855-4A9B-8316-BABE243648DA} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{79849612-A98F-45B8-95E9-4D13C7B6B35C} -> Spyware.Crazywinnings : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{99410CDE-6F16-42ce-9D49-3807F78F0287} -> Spyware.Zango : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Surf SideKick -> Spyware.SurfSide : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\salm -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\SideFind -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\SideFind\History -> Spyware.SideFind : Cleaned with backup
HKLM\SOFTWARE\VGroup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\VGroup\SAHPopup -> Spyware.SAHA : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar\Historyfiles -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar\Historystring -> Spyware.ISTBar : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\ZepMon -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-3576068603-4191100369-2977924657-1003\Software\salm -> Spyware.180Solutions : Cleaned with backup
[208] C:\WINDOWS\system32\ppdx5032.dll -> Spyware.Look2Me : Error during cleaning
[592] C:\WINDOWS\system32\GHCollection.dll -> Spyware.Look2Me : Error during cleaning
[680] VM_00900000 -> Adware.BetterInternet : Error during cleaning
[812] C:\WINDOWS\System32\vykevp.exe -> Trojan.Agent.cp : Cleaned with backup
[1364] C:\WINDOWS\System32\pnqblo.exe -> TrojanDownloader.Qoologic.n : Cleaned with backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\ClientAX.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\sextension.dll -> Spyware.SideSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\installer_SIAC.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\nem220.dll -> TrojanDownloader.Dyfuca : Cleaned with backup
C:\WINDOWS\nqhpozgaz.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\optimize.exe -> TrojanDownloader.Dyfuca.dk : Cleaned with backup
C:\WINDOWS\pinmbib.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\shop1004.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\SSK3_B5.exe -> TrojanDropper.Small.qn : Cleaned with backup
C:\WINDOWS\stubinstaller5975.exe -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\suslppm.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\system32\atrc8parb.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\AUNPS2.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\conres.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\datadx.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl0.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exdl1.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\exul.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\guard.tmp -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\halpum.exe -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\ikgsv.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\system32\javexulm.vxd -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\msbe.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\nkyicuy.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\sjarddlg.dll -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\wugky.dat -> TrojanDownloader.Qoologic.u : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__nkyicuy.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\__delete_on_reboot__supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINDOWS\Temp\atrc8parb_.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\Temp\b.com -> TrojanDropper.Agent.pb : Cleaned with backup
C:\WINDOWS\Temp\bb.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\Temp\Del16A.tmp -> TrojanDownloader.Small.asf : Cleaned with backup
C:\WINDOWS\Temp\hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\WINDOWS\Temp\res161.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res170.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\res173.tmp -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/liqp7c25q_.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/atrc8parb_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\setup4021.cab/hqrhil7kg_.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\shop1004.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\Temp\sidefind.exe -> TrojanDownloader.IstBar.jm : Cleaned with backup
C:\WINDOWS\Temp\umqltg4cl_.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@rotator.adjuggler[1].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.epilot[1].txt -> Spyware.Cookie.Epilot : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.myaffiliateprogram[2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ysbweb[1].txt -> Spyware.Cookie.Ysbweb : Cleaned with backup
::Report End
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 1 Current Build Number: 2600
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
abetterinternet.com 6/19/2003 2:00:26 PM 3278 C:\WINDOWS\abiuninst.htm
aspack 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu
PTech 11/28/2004 9:10:44 PM 1343999 C:\WINDOWS\Aurexkb.ehu
UPX! 11/28/2004 9:00:40 PM 255700 C:\WINDOWS\del.tmp
UPX! 8/12/2005 5:48:14 PM 189859 C:\WINDOWS\dsr.exe
PTech 11/28/2004 9:10:52 PM 1073501 C:\WINDOWS\Flgczsswjyh.lzw
PEC2 11/28/2004 9:10:40 PM 184535 C:\WINDOWS\Iingbqeu.aaw
PTech 11/28/2004 9:10:46 PM 483851 C:\WINDOWS\Iwwcitsg.dua
PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\lpt$vpn.719
web-nex 8/12/2005 5:46:38 PM 4254 C:\WINDOWS\mnrzv.dll
PEC2 11/28/2004 9:10:42 PM 193869 C:\WINDOWS\Mxacorse.trv
UPX! 7/23/2003 10:06:52 AM 52736 C:\WINDOWS\Nail.exe
UPX! 8/11/2005 11:41:22 PM 36608 C:\WINDOWS\nem220.dll
UPX! 9/6/2003 8:45:34 AM 79360 C:\WINDOWS\nqhpozgaz.exe
UPX! 5/3/2005 11:44:44 AM 25157 C:\WINDOWS\RMAgentOutput.dll
aspack 8/11/2005 11:41:26 PM 38400 C:\WINDOWS\shop1004.exe
UPX! 8/11/2005 11:41:12 PM 10240 C:\WINDOWS\suslppm.exe
UPX! 1/24/2003 12:00:06 PM 6656 C:\WINDOWS\svcproc.exe
UPX! 1/10/2005 4:17:24 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
qoologic 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
SAHAgent 7/7/2005 7:44:40 AM 15329059 C:\WINDOWS\VPTNFILE.719
UPX! 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 2/18/2005 6:40:14 PM 1044560 C:\WINDOWS\vsapi32.dll
PTech 11/28/2004 9:10:50 PM 1626626 C:\WINDOWS\Wpkrkcqrrjf.uwm
Checking %System% folder...
SAHAgent 6/30/2005 2:00:58 PM 35 C:\WINDOWS\SYSTEM32\9hk5g7bj.ini
SAHAgent 6/17/2005 3:21:42 PM 204288 C:\WINDOWS\SYSTEM32\atrc8parb.exe
SAHAgent 8/8/2005 2:05:46 PM 796 C:\WINDOWS\SYSTEM32\atrc8parb.ini
UPX! 8/12/2005 5:06:30 PM 24576 C:\WINDOWS\SYSTEM32\AUNPS2.dll
69.59.186.63 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/11/2005 11:19:50 PM 29184 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 8:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 9/16/2000 7:41:42 PM 28160 C:\WINDOWS\SYSTEM32\DrPMon.dll
69.59.186.63 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
209.66.67.134 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
web-nex 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
winsync 8/11/2005 11:19:52 PM 9728 C:\WINDOWS\SYSTEM32\earak.dll
Umonitor 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
WinShutDown 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\SYSTEM32\guard.tmp
aspack 8/12/2005 10:44:40 AM 61952 C:\WINDOWS\SYSTEM32\halpum.exe
SAHAgent 6/30/2005 2:00:58 PM 35 C:\WINDOWS\SYSTEM32\havijo1d.ini
aspack 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
KavSvc 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
69.59.186.63 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
209.66.67.134 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
web-nex 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
yourkey 8/8/2005 11:17:24 AM 9728 C:\WINDOWS\SYSTEM32\ikgsv.dll
Umonitor 11/3/1998 2:01:02 AM 324096 C:\WINDOWS\SYSTEM32\ipebase11.dll
69.59.186.63 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
209.66.67.134 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
web-nex 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
winsync 8/11/2005 11:19:52 PM 26624 C:\WINDOWS\SYSTEM32\ksahwla.dll
SAHAgent 6/30/2005 9:25:36 PM 3132 C:\WINDOWS\SYSTEM32\l2r348ov.ini
aspack 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
KavSvc 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
69.59.186.63 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
209.66.67.134 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
testpopup 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
web-nex 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
yourkey 8/12/2005 10:44:40 AM 27648 C:\WINDOWS\SYSTEM32\nkyicuy.dll
Umonitor 8/29/2002 8:00:00 AM 631808 C:\WINDOWS\SYSTEM32\rasdlg.dll
Umonitor 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\SYSTEM32\sjarddlg.dll
WinShutDown 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\SYSTEM32\sjarddlg.dll
winsync 8/29/2002 8:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
aspack 8/12/2005 10:44:40 AM 61952 C:\WINDOWS\SYSTEM32\wugky.dat
aspack 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
KavSvc 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
69.59.186.63 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
209.66.67.134 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
testpopup 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
web-nex 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
yourkey 8/8/2005 11:17:24 AM 27648 C:\WINDOWS\SYSTEM32\__delete_on_reboot__nkyicuy.dll
aspack 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
KavSvc 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
69.59.186.63 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
209.66.67.134 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
66.63.167.97 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
66.63.167.77 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
web-nex 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
yourkey 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
rec2_run 8/8/2005 11:17:24 AM 29184 C:\WINDOWS\SYSTEM32\__delete_on_reboot__supdate.dll
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/12/2005 5:52:24 PM 2048 C:\WINDOWS\bootstat.dat
S 8/12/2005 5:53:00 PM 417792 C:\WINDOWS\system32\GHCollection.dll
S 8/12/2005 12:49:12 AM 417792 C:\WINDOWS\system32\guard.tmp
S 8/4/2005 10:43:40 PM 417792 C:\WINDOWS\system32\ppdx5032.dll
S 8/12/2005 10:44:22 AM 417792 C:\WINDOWS\system32\sjarddlg.dll
H 8/12/2005 5:53:02 PM 20480 C:\WINDOWS\system32\config\default.LOG
H 8/12/2005 5:52:58 PM 1024 C:\WINDOWS\system32\config\SAM.LOG
H 8/12/2005 5:52:30 PM 12288 C:\WINDOWS\system32\config\SECURITY.LOG
H 8/12/2005 5:53:46 PM 163840 C:\WINDOWS\system32\config\software.LOG
H 8/12/2005 5:52:26 PM 999424 C:\WINDOWS\system32\config\system.LOG
H 8/8/2005 11:05:22 AM 1024 C:\WINDOWS\system32\config\userdiff.LOG
SH 8/11/2005 10:18:20 PM 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\a65c4887-7a56-462f-a379-47f4c17c5e26
SH 8/11/2005 10:18:20 PM 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
SH 8/4/2005 10:20:44 PM 190 C:\WINDOWS\Tasks\RUTASK.job
H 8/12/2005 5:49:04 PM 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 6/28/2003 12:40:32 AM 8606208 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\appwiz.cpl
5/11/2001 1:00:00 AM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
8/11/2005 11:19:52 PM 28672 C:\WINDOWS\SYSTEM32\conres.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Hewlett-Packard 1/26/1999 1:06:28 AM 25524 C:\WINDOWS\SYSTEM32\hpsctrlc.cpl
Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\intl.cpl
InstallShield Software Corporation6/16/2004 7:03:30 AM 73728 C:\WINDOWS\SYSTEM32\ISUSPM.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 2/20/2003 5:42:34 PM 229487 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5/3/2003 2:19:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Softex, Inc 2/21/2003 7:06:04 AM 32768 C:\WINDOWS\SYSTEM32\scurecpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\timedate.cpl
The Weather Channel Interactive4/6/2005 4:21:18 PM 3006464 C:\WINDOWS\SYSTEM32\wxfw.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 66048 C:\WINDOWS\SYSTEM32\dllcache\access.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 578560 C:\WINDOWS\SYSTEM32\dllcache\appwiz.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 129024 C:\WINDOWS\SYSTEM32\dllcache\desk.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 150016 C:\WINDOWS\SYSTEM32\dllcache\hdwwiz.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 292352 C:\WINDOWS\SYSTEM32\dllcache\inetcpl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 121856 C:\WINDOWS\SYSTEM32\dllcache\intl.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 65536 C:\WINDOWS\SYSTEM32\dllcache\joy.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 559616 C:\WINDOWS\SYSTEM32\dllcache\mmsys.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 256000 C:\WINDOWS\SYSTEM32\dllcache\nusrmgr.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 109056 C:\WINDOWS\SYSTEM32\dllcache\powercfg.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 147456 C:\WINDOWS\SYSTEM32\dllcache\sapi.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 268288 C:\WINDOWS\SYSTEM32\dllcache\sysdm.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 8/29/2002 8:00:00 AM 90112 C:\WINDOWS\SYSTEM32\dllcache\timedate.cpl
Intel Corporation 4/7/2003 10:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 6/28/2003 12:40:32 AM 8606208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0005\DriverFiles\ALSNDMGR.CPL
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
3/27/2004 2:54:38 PM 1903 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Compaq Connections.lnk
11/27/2004 11:50:40 AM 729 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Picture Transfer Software.lnk
11/27/2004 11:56:28 AM 1031 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
1/18/2005 10:51:12 PM 1738 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
7/24/2003 5:47:38 AM 675 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
aspack 8/8/2005 11:17:24 AM 61952 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\raui.exe
8/8/2005 11:17:24 AM 61952 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\raui.exe
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
7/24/2003 5:53:24 AM 1715 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Compaq Organize.lnk
7/26/2003 4:57:50 AM 844 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk
Checking files in %USERPROFILE%\Application Data folder...
3/14/2005 7:50:12 PM 110120 C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
3/10/2005 3:51:34 PM 12358 C:\Documents and Settings\Owner\Application Data\PFP110JCM.{PB
3/10/2005 3:51:34 PM 61678 C:\Documents and Settings\Owner\Application Data\PFP110JPR.{PB
8/11/2005 11:52:22 PM 39 C:\Documents and Settings\Owner\Application Data\Sskcwrd.dll
8/11/2005 11:44:16 PM 414915 C:\Documents and Settings\Owner\Application Data\Sskknwrd.dll
8/11/2005 11:52:22 PM 37 C:\Documents and Settings\Owner\Application Data\Sskuknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{B2AB8673-9BAB-410E-B5F0-08AC7E387EBF} = C:\WINDOWS\system32\iZlmrnt5.dll
{75740AC3-4BF8-4B46-B9FD-0888D046D7DE} = C:\WINDOWS\system32\GHCollection.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\mysxkqsf
{17518f7b-bc35-47a9-aa4d-3ef376234885} = C:\WINDOWS\System32\earak.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\OPShellE
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\OPShellE
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} = C:\Program Files\Softex\OmniPass\opshelle.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\System32\datadx.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000010-6F7D-442C-93E3-4A4827C2E4C8}
BHObj Class = C:\WINDOWS\nem220.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00027925-0017-4faf-9539-90E4AC0B9EC5}
Band Class = C:\WINDOWS\ttext.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00F1D395-4744-40f0-A611-980F61AE2C59}
Band Class = C:\WINDOWS\dsr.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC5023-012B-4883-B5CB-523A8409C73A}
SDWin32 Class = C:\WINDOWS\System32\llqrl.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{38A15633-D04F-4bed-A8D0-DF1D687D1F7E}
XBTB01658 Class = C:\WINDOWS\DOWNLO~1\SEXTEN~1.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71D1708F-973D-4600-AF01-AD86688403AE}
LANBridge Class = C:\WINDOWS\System32\ylthpdta.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9ADE0443-2AB2-4B23-A3F8-AC520773DE12}
ohb Class = C:\WINDOWS\System32\nsj19.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3FDD654-A057-4971-9844-4ED8E67DBBB8}
BAHelper Class = C:\Program Files\SideFind\sfbho.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4E04583-354E-4076-BE7D-ED6A80FD66DA}
ADP UrlCatcher Class = C:\WINDOWS\System32\msbe.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} = :
{86227D9C-0EFE-4f8a-AA55-30386A3F5686} = YourSiteBar : C:\Program Files\YourSiteBar\ysb.dll
{CC8C8F4F-F2E8-404B-A43D-5CC57876A008} = sextension : C:\WINDOWS\Downloaded Program Files\sextension.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{10E42047-DEB9-4535-A118-B3F6EC39B807}
ButtonText = SideFind :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7}
SideFind = C:\Program Files\SideFind\sidefind.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Companion : C:\Program Files\Yahoo!\companion\Installs\cpn0\ycomp5_3_16_0.dll
{86227D9C-0EFE-4F8A-AA55-30386A3F5686} = YourSiteBar : C:\Program Files\YourSiteBar\ysb.dll
{CC8C8F4F-F2E8-404B-A43D-5CC57876A008} = sextension : C:\WINDOWS\Downloaded Program Files\sextension.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
hpsysdrv c:\windows\system\hpsysdrv.exe
HotKeysCmds C:\WINDOWS\System32\hkcmd.exe
KBD C:\HP\KBD\KBD.EXE
StorageGuard "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz nwiz.exe /installquiet /keeploaded /nodetect
AlcxMonitor ALCXMNTR.EXE
PS2 C:\WINDOWS\system32\ps2.exe
QuickFinder Scheduler "c:\Program Files\WordPerfect Office 11\Programs\QFSCHD110.EXE"
hplampc C:\WINDOWS\system32\hplampc.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe
ISUSPM Startup C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
AWMON "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ccApp "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
ccRegVfy "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
qbet C:\WINDOWS\qbet.exe
WildTangent CDA RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
WT GameChannel C:\Program Files\WildTangent\Apps\GameChannel.exe
IST Service C:\Program Files\ISTsvc\istsvc.exe
Media Gateway C:\Program Files\Media Gateway\MediaGateway.exe
iwhsuxi C:\WINDOWS\System32\vykevp.exe r
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NVIEW rundll32.exe nview.dll,nViewLoadHook
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Io02RRM3V atrivs.exe
kbdsp C:\WINDOWS\System32\kbdsp.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe C:\WINDOWS\Nail.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\OptimalLayout
= C:\WINDOWS\system32\ppdx5032.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/12/2005 6:02:19 PM
