943,670 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Need help! Please analyze my HJT log!
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Jun 10th, 2006
0

Need help! Please analyze my HJT log!

Expand Post »
Original thread, but still not 100% unresolved.
http://www.daniweb.com/techtalkforums/thread46853.html

Here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:06 PM, on 10/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ7351\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab


Thank you
Chris
Similar Threads
Reputation Points: 10
Solved Threads: 0
Light Poster
ferrarilover is offline Offline
27 posts
since Jun 2006
Permalink
Jun 10th, 2006
0

Re: Need help! Please analyze my HJT log!

Hi,
Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.
Reputation Points: 25
Solved Threads: 51
Practically a Master Poster
swatkat is offline Offline
642 posts
since Jul 2005
Permalink
Jun 11th, 2006
0

Re: Need help! Please analyze my HJT log!

Thank you - took a few attempts because Kaspersky kept shutting down, but finally worked. Here is the Kaspersky log:

<><><><><><><><><><><><><><><><><><><><><><>
Sunday, June 11, 2006 6:48:03 PM
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 11/06/2006
Kaspersky Anti-Virus database records: 187913
Scan SettingsScan using the following antivirus databasestandardScan ArchivestrueScan Mail BasestrueScan TargetMy Computera:\
c:\
d:\
e:\ Scan StatisticsTotal number of scanned objects44028Number of viruses found23Number of infected objects60Number of suspicious objects2Duration of the scan process02:25:24
Infected Object NameVirus NameLast Actionc:\WINDOWS\TEMP\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped c:\WINDOWS\TEMP\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped c:\WINDOWS\TEMP\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe WiseSFX: infected - 4 skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe/stream/data0016 Infected: Trojan-Downloader.Win32.Reqlook.d skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe/stream Infected: Trojan-Downloader.Win32.Reqlook.d skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe NSIS: infected - 2 skipped c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped c:\WINDOWS\Downloaded Program Files\YSBactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped c:\WINDOWS\Downloaded Program Files\istactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped c:\WINDOWS\ms05275121909.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped c:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe NSIS: infected - 4 skipped c:\WINDOWS\pms111x.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\SYSC00.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\sys02909275121.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\sys011909275122006.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\sys09219092751.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\drsmartload46a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\drsmartload849a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\sys01190927512.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\ms049275121902006.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\Program Files\Common Files\rmkw\rmkwm.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped c:\Program Files\Common Files\rmkw\rmkwl.exe Infected: Trojan-Downloader.Win32.TSUpdate.p skipped c:\Program Files\Common Files\rmkw\rmkwa.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped c:\My Documents\oucm\rundll32.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP/text.exe Infected: Email-Worm.Win32.Bagle.cy skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP ZIP: infected - 1 skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML/[From "ursula abel" ][Date Wed, 30 Jan 2002 20:03:27 -0500]/TryThis.exe Infected: not-virus:BadJoke.Win32.Stupen.c skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML Mail: infected - 1 skipped c:\My Shared Folder\music from klite\Quicktime Multilang4.exe Infected: Trojan-Downloader.Win32.Small.jl skipped c:\!KillBox\ms05275121909.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys01190927512.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys09219092751.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\SYSC00.exe Infected: Trojan.Win32.VB.tg skipped c:\!KillBox\sys02909275121.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\block-checker.exe Infected: IM-Worm.Win32.Chiem.a skipped c:\!KillBox\block-checker.exe( 1) Infected: IM-Worm.Win32.Chiem.a skipped c:\!KillBox\ms05275121909.exe( 1) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys01190927512.exe( 2) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys09219092751.exe( 3) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\SYSC00.exe( 4) Infected: Trojan.Win32.VB.tg skipped c:\!KillBox\sys02909275121.exe( 5) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\block-checker.exe( 6) Infected: IM-Worm.Win32.Chiem.a skipped c:\defender24.exe Infected: Trojan-Clicker.Win32.VB.ly skipped c:\keyboard24.exe Infected: Backdoor.Win32.VB.ary skipped c:\newname24.exe Infected: Trojan-Downloader.Win32.VB.adw skipped c:\Trelew.exe/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped c:\Trelew.exe NSIS: infected - 1 skipped c:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped Scan process completed.

<><><><><><><><><><><><><><><><><><><><><><>

Logfile of HijackThis v1.99.1
Scan saved at 6:49:18 PM, on 11/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ7351\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab

<><><><><><><><><><><><><><><><><><><><><><><>

Thats all.......thank you for your analysis and advice.

Chris
Reputation Points: 10
Solved Threads: 0
Light Poster
ferrarilover is offline Offline
27 posts
since Jun 2006
Permalink
Jun 13th, 2006
0

Re: Need help! Please analyze my HJT log!

Hi,
Open NotePad and copy the contents of the below "Quote" box to it:-
Quote ...
cd %windir%
attrib -s -r -h ms05275121909.exe
del ms05275121909.exe
attrib -s -r -h visfx500.exe
del visfx500.exe
attrib -s -r -h pf78.exe
del pf78.exe
attrib -s -r -h pms111x.exe
del pms111x.exe
attrib -s -r -h SYSC00.exe
del SYSC00.exe
attrib -s -r -h uni_eh.exe
del uni_eh.exe
attrib -s -r -h unin101.exe
del unin101.exe
attrib -s -r -h sys02909275121.exe
del sys02909275121.exe
attrib -s -r -h sys011909275122006.exe
del sys011909275122006.exe
attrib -s -r -h sys09219092751.exe
del sys09219092751.exe
attrib -s -r -h drsmartload45a.exe
del drsmartload45a.exe
attrib -s -r -h drsmartload46a.exe
del drsmartload46a.exe
attrib -s -r -h drsmartload849a.exe
del drsmartload849a.exe
attrib -s -r -h sys01190927512.exe
del sys01190927512.exe
attrib -s -r -h ms049275121902006.exe
del ms049275121902006.exe
cd Desktop
cd "Program Files"
cd "General Programs"
attrib -s -r -h sysguardfull.exe
del sysguardfull.exe
cd %windir%
cd "Downloaded Program Files"
attrib -s -r -h YSBactivex.dll
del YSBactivex.dll
attrib -s -r -h istactivex.dll
del istactivex.dll
cd\
attrib -s -r -h defender24.exe
del defender24.exe
attrib -s -r -h keyboard24.exe
del keyboard24.exe
attrib -s -r -h newname24.exe
del newname24.exe
attrib -s -r -h Trelew.exe
del Trelew.exe
attrib -s -r -h SS1001.exe
del SS1001.exe
In NotePad, go to File Menu > Save AS and type the filename as Test.BAT and save the file in any desired location. Exit from NotePad.


Download CCleaner and install it. Do not run it now!


Open My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"


Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).


Do not run the Uninstaller and the Remover yet.


Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Open My Computer and navigate to the c:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press execute and let it do its job.
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.


Run HijackThis and click Do only a System scan. Then put a check mark infront of below listed entries:-

O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.


Double-Click on the Test.BAT. A DOS type window should open and close immediately.


After this, delete these folders, if found:-
c:\Program Files\Common Files\rmkw
c:\My Documents\oucm


Delete these files:-
c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP
c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML
c:\My Shared Folder\music from klite\Quicktime Multilang4.exe


Reboot to Normal Mode. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here along with a new HijackThis log.
Last edited by swatkat; Jun 13th, 2006 at 6:04 pm.
Reputation Points: 25
Solved Threads: 51
Practically a Master Poster
swatkat is offline Offline
642 posts
since Jul 2005
Permalink
Jun 13th, 2006
0

Re: Need help! Please analyze my HJT log!

Ok, all tasks completed, here is the WinPFind log:

<><><><><><><><><><><><><><><><><>
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
UPX! 31/05/06 11:41:26 AM 299624 C:\WINDOWS\WHCC2.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent 01/10/05 1:21:26 PM 3362 C:\WINDOWS\SYSTEM\58ba5roi.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ne372aqv.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
UPX! 14/04/06 2:25:12 AM 50688 C:\WINDOWS\SYSTEM\navshext1.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\prwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/06/06 8:46:30 PM RH 1273888 C:\WINDOWS\USER.DAT
13/06/06 8:45:30 PM RH 7663654 C:\WINDOWS\SYSTEM.DAT
10/06/06 4:04:28 PM H 54156 C:\WINDOWS\QTFont.qfn
07/06/06 8:20:02 AM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wtpui.dll
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
13/06/06 8:33:44 PM HS 1368 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
13/06/06 7:47:34 AM H 1180 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
13/06/06 7:48:56 AM H 1348 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
13/06/06 8:33:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
13/06/06 8:33:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
13/06/06 8:34:02 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\1E22D9UH\desktop.ini
13/06/06 8:34:02 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\KPQ3CLQZ\desktop.ini
13/06/06 8:34:04 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\OH6RODIF\desktop.ini
13/06/06 8:34:06 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
13/06/06 8:33:16 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc. 26/08/96 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems 13/02/06 11:53:30 AM 61555 C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
13/06/06 4:46:12 PM 25166 C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM 15144 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
WinUpdate.exe C:\Program Files\Windows\WinUpdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/06/06 8:47:50 PM
<><><><><><><><><><><><><><><><><>
and the HJT log:

`Logfile of HijackThis v1.99.1
Scan saved at 8:58:06 PM, on 13/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/...06_regular.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...bscan_ansi.cab


<><><><><><><><><><><><><><><><><><><><><><>

Thank you for your continued help,

awaiting your reply on next action.

Chris
Reputation Points: 10
Solved Threads: 0
Light Poster
ferrarilover is offline Offline
27 posts
since Jun 2006
Permalink
Jun 14th, 2006
0

Re: Need help! Please analyze my HJT log!

Hi,
Please download the 2-week trial version of WebRoot SpySweeper from HERE.
Alternate download site.
Alternate download site.
Alternate download site.
  • Click on Free Spy Scan.
  • On the next page, click on Start Scan Now
  • Save the Setup file to your Desktop>click OK.
  • Double-click on the file that you saved. (If you receive alerts from your firewall, allow all activities for Spy Sweeper)
  • You will be prompted to check for updated definitions, please do so.
  • Click on "Options" > "Sweep Options" and check "Sweep all Folders on Selected drives".
  • Check "Local Disc C" and under "What to Sweep", check every box.
  • Click on "Sweep" and allow it to fully scan your system.
  • When the sweep has finished, click "Remove" to remove any items found.
  • Exit SpySweeper and reboot your computer.
NOTE: After SpySweeper has finished and removed any items found, it is important that you exit and reboot your computer right away to ensure the infection is fully removed.


After this scan, please post a new WinPFind log.
Reputation Points: 25
Solved Threads: 51
Practically a Master Poster
swatkat is offline Offline
642 posts
since Jul 2005
Permalink
Jun 23rd, 2006
0

Re: Need help! Please analyze my HJT log!

Sorry, been away for a few days and left the desktop at home.........here is the WinPFind log after all tasks completed as directed:

<><><><>
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent 01/10/05 1:21:26 PM 3362 C:\WINDOWS\SYSTEM\58ba5roi.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ne372aqv.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\prwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wtpui.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
23/06/06 7:57:12 PM RH 1400864 C:\WINDOWS\USER.DAT
23/06/06 7:57:14 PM RH 7733286 C:\WINDOWS\SYSTEM.DAT
20/06/06 6:28:42 PM H 54156 C:\WINDOWS\QTFont.qfn
23/06/06 7:49:18 PM H 738645 C:\WINDOWS\ShellIconCache
20/06/06 9:52:28 PM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mqihnd.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\QRARTZ.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wtpui.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
23/06/06 7:52:22 PM HS 4329 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
23/06/06 4:36:10 PM H 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
23/06/06 4:36:16 PM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968ED-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296900-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296901-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296902-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296903-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296904-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296905-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296906-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296907-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296908-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296909-02F1-11DB-8B54-0040F488AE86.tmp
13/06/06 8:33:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
23/06/06 5:51:26 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
23/06/06 5:51:34 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
23/06/06 7:50:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl



=



<><><><><>

Thank you for your continued help.

Chris
Reputation Points: 10
Solved Threads: 0
Light Poster
ferrarilover is offline Offline
27 posts
since Jun 2006
Permalink
Jun 24th, 2006
0

Re: Need help! Please analyze my HJT log!

Download KillBox, extract it to your desktop.

Run KillBox.exe and check the following box:-
Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.
Quote ...
C:\WINDOWS\SYSTEM\MKJET35.DLL
C:\WINDOWS\SYSTEM\SOUB32.DLL
C:\WINDOWS\SYSTEM\MBEXCH40.DLL
C:\WINDOWS\SYSTEM\AYIPITA.DLL
C:\WINDOWS\SYSTEM\OUEDLG.DLL
C:\WINDOWS\SYSTEM\PGNMAP.DLL
C:\WINDOWS\SYSTEM\SMLFX.DLL
C:\WINDOWS\SYSTEM\MPCMS.DLL
C:\WINDOWS\SYSTEM\RAANP.DLL
C:\WINDOWS\SYSTEM\IUROP.DLL
C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
C:\WINDOWS\SYSTEM\JYEG1X32.DLL
C:\WINDOWS\SYSTEM\CDGMGR32.DLL
C:\WINDOWS\SYSTEM\EOAPI162.DLL
C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
C:\WINDOWS\SYSTEM\JNBEXEC.DLL
C:\WINDOWS\SYSTEM\58ba5roi.ini
C:\WINDOWS\SYSTEM\ecs0f2l3.ini
C:\WINDOWS\SYSTEM\ne372aqv.ini
C:\WINDOWS\SYSTEM\CZL3D32.DLL
C:\WINDOWS\SYSTEM\btackbox.dll
C:\WINDOWS\SYSTEM\EYUSBIN.DLL
C:\WINDOWS\SYSTEM\prwave.dll
C:\WINDOWS\SYSTEM\whspdmoe.dll
C:\WINDOWS\SYSTEM\jzsh400.dll
C:\WINDOWS\SYSTEM\jfdw400.dll
C:\WINDOWS\SYSTEM\phwave.dll
C:\WINDOWS\SYSTEM\wfspdmoe.dll
C:\WINDOWS\SYSTEM\pygfilt.dll
C:\WINDOWS\SYSTEM\RAR20.DLL
C:\WINDOWS\SYSTEM\CFPMAN.DLL
C:\WINDOWS\SYSTEM\SZSCLASS.DLL
C:\WINDOWS\SYSTEM\FW20.DLL
C:\WINDOWS\SYSTEM\pidrv.dll
C:\WINDOWS\SYSTEM\MTCPXL32.DLL
C:\WINDOWS\SYSTEM\MNCDevice.dll
C:\WINDOWS\SYSTEM\SOUDF.DLL
C:\WINDOWS\SYSTEM\wtpui.dll
C:\WINDOWS\SYSTEM\mnoeacct.dll
C:\WINDOWS\SYSTEM\CEYPTNET.DLL
C:\WINDOWS\SYSTEM\SONCUI.DLL
C:\WINDOWS\SYSTEM\DOUSIC32.DLL
C:\WINDOWS\SYSTEM\wdpshell.dll
C:\WINDOWS\SYSTEM\OPEDLG.DLL
C:\WINDOWS\SYSTEM\DZ32GT.DLL
C:\WINDOWS\SYSTEM\FIWPP.DLL
C:\WINDOWS\SYSTEM\JNBEXEC.DLL
C:\WINDOWS\SYSTEM\mqihnd.dll
C:\WINDOWS\SYSTEM\QRARTZ.DLL
C:\WINDOWS\SYSTEM\pwdrv.dll
Then in Killbox click File > Paste from Clipboard. At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.

Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? You will need to click "Yes" to allow the reboot.

Note: When you choose "Paste From Clipboard", KillBox will show all the file names inside the "Full Path of the file to delet" text box, and the titlebar of KillBox will show the number of files. Killbox will let you know if a file does not exist.

[If you have any issues (for example, if KillBox shows total files as 0 even after choosing "Paste from clipboard") with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.]


After the reboot, please run WinPFind again and post a new log.
Last edited by swatkat; Jun 24th, 2006 at 7:42 pm.
Reputation Points: 25
Solved Threads: 51
Practically a Master Poster
swatkat is offline Offline
642 posts
since Jul 2005
Permalink
Jun 24th, 2006
0

Re: Need help! Please analyze my HJT log!

All tasks completed, here is the WinPFind log:


»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent 01/10/05 1:21:26 PM 3362 C:\WINDOWS\SYSTEM\58ba5roi.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\mqihnd.dll
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ne372aqv.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\btackbox.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\prwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\phwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\FW20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\pidrv.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wtpui.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
24/06/06 7:34:24 PM RH 1400864 C:\WINDOWS\USER.DAT
24/06/06 7:35:14 PM RH 7733286 C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM H 54156 C:\WINDOWS\QTFont.qfn
24/06/06 3:21:48 PM H 739241 C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wppcd.dll
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
24/06/06 7:29:26 PM HS 1368 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
24/06/06 11:39:38 AM H 1180 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
24/06/06 11:41:22 AM H 1124 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3422-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3423-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3424-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3425-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3426-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3427-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3428-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3429-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3430-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3431-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3432-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3433-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3434-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3435-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3436-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3437-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3438-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3439-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3440-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3441-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3442-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3443-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3444-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3445-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3446-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3447-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3448-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3449-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3450-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3451-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3452-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3453-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3454-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3455-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3456-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3457-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3458-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3459-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3460-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3461-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3462-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3463-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3464-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3465-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3466-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3467-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3468-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3469-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3470-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3471-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3472-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3473-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3474-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3475-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3476-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3477-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3478-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3479-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3480-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3481-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3482-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3483-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3484-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3485-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3486-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3487-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3488-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3489-03B7-11DB-8B54-0040F488AE86.tmp
13/06/06 8:33:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
24/06/06 12:41:04 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
24/06/06 12:41:08 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\1E22D9UH\desktop.ini
24/06/06 12:46:14 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
24/06/06 7:29:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc. 26/08/96 2:12:00 AM R 341504 C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems 13/02/06 11:53:30 AM 61555 C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM 25658 C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM 15144 C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4} = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9} = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL

»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 24/06/06 7:38:23 PM


<>>>>>>><<<<<<>>>>>>>><<<<<<<>>>>>>

Thank you
Chris
Reputation Points: 10
Solved Threads: 0
Light Poster
ferrarilover is offline Offline
27 posts
since Jun 2006
Permalink
Jun 25th, 2006
0

Re: Need help! Please analyze my HJT log!

Hi,
The Look2Me DLLs are still there. Please download Kill2Me and extract it to a folder. Next run Kill2Me.exe and follow the onscreen prompts.

After this, download VX2Finder9X and run it. Next click the "Click to Find VX2.BetterInternet" button. VX2Finder9X will scan the system and if it finds any bad files, it will list them. If it finds any file, copy the list and please post back here.


Also, run CCleaner and click "Run Cleaner" button to delete all the temp files. After you delete the temp files, run WinPFind and please post a new log.
Reputation Points: 25
Solved Threads: 51
Practically a Master Poster
swatkat is offline Offline
642 posts
since Jul 2005

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Outlook Express and MSN Messenger keep crashing...
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Killing atmclk.exe on my PC





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC