0

Original thread, but still not 100% unresolved.
http://www.daniweb.com/techtalkforums/thread46853.html

Here is the latest log:

Logfile of HijackThis v1.99.1
Scan saved at 2:48:06 PM, on 10/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ7351\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab


Thank you
Chris

2
Contributors
15
Replies
16
Views
11 Years
Discussion Span
Last Post by swatkat
0

Hi,
Perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.

0

Thank you - took a few attempts because Kaspersky kept shutting down, but finally worked. Here is the Kaspersky log:

<><><><><><><><><><><><><><><><><><><><><><>
Sunday, June 11, 2006 6:48:03 PM
Operating System: Microsoft Windows 98 SE
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 11/06/2006
Kaspersky Anti-Virus database records: 187913
Scan SettingsScan using the following antivirus databasestandardScan ArchivestrueScan Mail BasestrueScan TargetMy Computera:\
c:\
d:\
e:\ Scan StatisticsTotal number of scanned objects44028Number of viruses found23Number of infected objects60Number of suspicious objects2Duration of the scan process02:25:24
Infected Object NameVirus NameLast Actionc:\WINDOWS\TEMP\iinstall.exe Infected: Trojan-Downloader.Win32.IstBar.pe skipped c:\WINDOWS\TEMP\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei skipped c:\WINDOWS\TEMP\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0009.BIN Infected: Trojan-Downloader.Win32.TSUpdate.n skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.p skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.f skipped c:\WINDOWS\TEMP\tsinstall_4_0_4_0_b4.exe WiseSFX: infected - 4 skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe/stream/data0016 Infected: Trojan-Downloader.Win32.Reqlook.d skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe/stream Infected: Trojan-Downloader.Win32.Reqlook.d skipped c:\WINDOWS\Desktop\Program Files\General Programs\sysguardfull.exe NSIS: infected - 2 skipped c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped c:\WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC3.zip ZIP: suspicious - 1 skipped c:\WINDOWS\Downloaded Program Files\YSBactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped c:\WINDOWS\Downloaded Program Files\istactivex.dll Infected: Trojan-Downloader.Win32.IstBar.gen skipped c:\WINDOWS\ms05275121909.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\visfx500.exe Infected: Trojan-Dropper.Win32.Agent.aie skipped c:\WINDOWS\pf78.exe/data0002 Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\pf78.exe/data0003 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe/data0006 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe/data0007 Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\pf78.exe NSIS: infected - 4 skipped c:\WINDOWS\pms111x.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\SYSC00.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\uni_eh.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\unin101.exe Infected: Trojan.Win32.VB.tg skipped c:\WINDOWS\sys02909275121.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\sys011909275122006.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\sys09219092751.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\drsmartload45a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\drsmartload46a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\drsmartload849a.exe Infected: Trojan-Downloader.Win32.Adload.bo skipped c:\WINDOWS\sys01190927512.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\WINDOWS\ms049275121902006.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\Program Files\Common Files\rmkw\rmkwm.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped c:\Program Files\Common Files\rmkw\rmkwl.exe Infected: Trojan-Downloader.Win32.TSUpdate.p skipped c:\Program Files\Common Files\rmkw\rmkwa.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped c:\My Documents\oucm\rundll32.exe Infected: Trojan-Downloader.Win32.PurityScan.cl skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP/text.exe Infected: Email-Worm.Win32.Bagle.cy skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP ZIP: infected - 1 skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML/[From "ursula abel" ][Date Wed, 30 Jan 2002 20:03:27 -0500]/TryThis.exe Infected: not-virus:BadJoke.Win32.Stupen.c skipped c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML Mail: infected - 1 skipped c:\My Shared Folder\music from klite\Quicktime Multilang4.exe Infected: Trojan-Downloader.Win32.Small.jl skipped c:\!KillBox\ms05275121909.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys01190927512.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys09219092751.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\SYSC00.exe Infected: Trojan.Win32.VB.tg skipped c:\!KillBox\sys02909275121.exe Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\block-checker.exe Infected: IM-Worm.Win32.Chiem.a skipped c:\!KillBox\block-checker.exe( 1) Infected: IM-Worm.Win32.Chiem.a skipped c:\!KillBox\ms05275121909.exe( 1) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys01190927512.exe( 2) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\sys09219092751.exe( 3) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\SYSC00.exe( 4) Infected: Trojan.Win32.VB.tg skipped c:\!KillBox\sys02909275121.exe( 5) Infected: Trojan-Downloader.Win32.VB.tw skipped c:\!KillBox\block-checker.exe( 6) Infected: IM-Worm.Win32.Chiem.a skipped c:\defender24.exe Infected: Trojan-Clicker.Win32.VB.ly skipped c:\keyboard24.exe Infected: Backdoor.Win32.VB.ary skipped c:\newname24.exe Infected: Trojan-Downloader.Win32.VB.adw skipped c:\Trelew.exe/data0006 Infected: Trojan-Dropper.Win32.VB.mz skipped c:\Trelew.exe NSIS: infected - 1 skipped c:\SS1001.exe Infected: Trojan-Dropper.Win32.Small.qn skipped Scan process completed.

<><><><><><><><><><><><><><><><><><><><><><>

Logfile of HijackThis v1.99.1
Scan saved at 6:49:18 PM, on 11/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\TEMP\WZ7351\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab

<><><><><><><><><><><><><><><><><><><><><><><>

Thats all.......thank you for your analysis and advice.

Chris

0

Hi,
Open NotePad and copy the contents of the below "Quote" box to it:-

cd %windir%
attrib -s -r -h ms05275121909.exe
del ms05275121909.exe
attrib -s -r -h visfx500.exe
del visfx500.exe
attrib -s -r -h pf78.exe
del pf78.exe
attrib -s -r -h pms111x.exe
del pms111x.exe
attrib -s -r -h SYSC00.exe
del SYSC00.exe
attrib -s -r -h uni_eh.exe
del uni_eh.exe
attrib -s -r -h unin101.exe
del unin101.exe
attrib -s -r -h sys02909275121.exe
del sys02909275121.exe
attrib -s -r -h sys011909275122006.exe
del sys011909275122006.exe
attrib -s -r -h sys09219092751.exe
del sys09219092751.exe
attrib -s -r -h drsmartload45a.exe
del drsmartload45a.exe
attrib -s -r -h drsmartload46a.exe
del drsmartload46a.exe
attrib -s -r -h drsmartload849a.exe
del drsmartload849a.exe
attrib -s -r -h sys01190927512.exe
del sys01190927512.exe
attrib -s -r -h ms049275121902006.exe
del ms049275121902006.exe
cd Desktop
cd "Program Files"
cd "General Programs"
attrib -s -r -h sysguardfull.exe
del sysguardfull.exe
cd %windir%
cd "Downloaded Program Files"
attrib -s -r -h YSBactivex.dll
del YSBactivex.dll
attrib -s -r -h istactivex.dll
del istactivex.dll
cd\
attrib -s -r -h defender24.exe
del defender24.exe
attrib -s -r -h keyboard24.exe
del keyboard24.exe
attrib -s -r -h newname24.exe
del newname24.exe
attrib -s -r -h Trelew.exe
del Trelew.exe
attrib -s -r -h SS1001.exe
del SS1001.exe

In NotePad, go to File Menu > Save AS and type the filename as Test.BAT and save the file in any desired location. Exit from NotePad.


Download CCleaner and install it. Do not run it now!


Open My Computer, then C:\
In the menu bar, File->New->Folder.
That will create a folder named New Folder, which you can rename to "BFU"


Please download Brute Force Uninstaller to your desktop.

  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".

3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).


Do not run the Uninstaller and the Remover yet.


Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Open My Computer and navigate to the c:\BFU folder.

  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press execute and let it do its job.
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.

Run HijackThis and click Do only a System scan. Then put a check mark infront of below listed entries:-

O4 - HKLM\..\Run: [BlockChecker] C:\PROGRAM FILES\BLOCK CHECKER\block-checker.exe

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.


Double-Click on the Test.BAT. A DOS type window should open and close immediately.


After this, delete these folders, if found:-
c:\Program Files\Common Files\rmkw
c:\My Documents\oucm


Delete these files:-
c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\09_PRICE.ZIP
c:\Backup\IM\Identities\{2F851300-4E66-11D7-857F-0090D041CBE4}\Message Store\Attachments\ATT1394.EML
c:\My Shared Folder\music from klite\Quicktime Multilang4.exe


Reboot to Normal Mode. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here along with a new HijackThis log.

0

Ok, all tasks completed, here is the WinPFind log:

<><><><><><><><><><><><><><><><><>
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98    Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent             02/10/05 4:45:58 PM     RH  5578784    C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX!                 04/04/06 5:10:14 PM         2541151    C:\WINDOWS\hot_exotic_ferraris.scr
UPX!                 04/04/06 5:10:14 PM         220582     C:\WINDOWS\uninstall hot_exotic_ferraris.exe
UPX!                 31/05/06 11:41:26 AM        299624     C:\WINDOWS\WHCC2.exe
Items found in C:\WINDOWS\hosts


Checking %System% folder...ad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MKJET35.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SOUB32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MBEXCH40.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\AYIPITA.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\OUEDLG.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\PGNMAP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SMLFX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MPCMS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\RAANP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IUROP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IKNPSTUB.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\JYEG1X32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CDGMGR32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\EOAPI162.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IZ50_QCX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent             01/10/05 1:21:26 PM         3362       C:\WINDOWS\SYSTEM\58ba5roi.ini
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ne372aqv.iniad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CZL3D32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\btackbox.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\EYUSBIN.DLL
UPX!                 14/04/06 2:25:12 AM         50688      C:\WINDOWS\SYSTEM\navshext1.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\prwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\whspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\jzsh400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\jfdw400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\phwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wfspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pygfilt.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\RAR20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CFPMAN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SZSCLASS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\FW20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pidrv.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MTCPXL32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MNCDevice.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SOUDF.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
13/06/06 8:46:30 PM     RH  1273888    C:\WINDOWS\USER.DAT
13/06/06 8:45:30 PM     RH  7663654    C:\WINDOWS\SYSTEM.DAT
10/06/06 4:04:28 PM      H  54156      C:\WINDOWS\QTFont.qfn
07/06/06 8:20:02 AM      H  5416       C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MKJET35.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SOUB32.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MBEXCH40.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\AYIPITA.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\OUEDLG.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\PGNMAP.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SMLFX.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MPCMS.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\RAANP.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IUROP.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\JYEG1X32.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CDGMGR32.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\EOAPI162.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\JNBEXEC.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CZL3D32.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\btackbox.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\EYUSBIN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\whspdmoe.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\jzsh400.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\jfdw400.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\phwave.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wfspdmoe.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pygfilt.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\RAR20.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\CFPMAN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SZSCLASS.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\FW20.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pidrv.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MTCPXL32.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\MNCDevice.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\SOUDF.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wtpui.dll
03/06/06 11:45:12 AM     HS 11776      C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM     HS 400        C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM     HS 313544     C:\WINDOWS\All Users\DRM\IndivBox.key
13/06/06 8:33:44 PM      HS 1368       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
13/06/06 7:47:34 AM      H  1180       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
13/06/06 7:48:56 AM      H  1348       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM     H  760        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM      H  452        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM      H  464        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM      H  1012       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM     H  560        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM      H  548        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
13/06/06 8:33:24 PM      HS 67         C:\WINDOWS\Temporary Internet Files\desktop.ini
13/06/06 8:33:24 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
13/06/06 8:34:02 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\1E22D9UH\desktop.ini
13/06/06 8:34:02 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\KPQ3CLQZ\desktop.ini
13/06/06 8:34:04 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\OH6RODIF\desktop.ini
13/06/06 8:34:06 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
13/06/06 8:33:16 PM      H  6          C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation          23/04/99 10:22:00 PM        221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          29/08/02                    292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        60928      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          08/08/99 10:17:12 AM        41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        51984      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation          30/10/01 8:10:00 AM         442368     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          10/02/99 11:48:46 AM        40960      C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        66048      C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        103424     C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM        70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        387072     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        37376      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc.           08/04/04 2:12:42 PM         323072     C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc.           26/08/96 2:12:00 AM     R   341504     C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems               13/02/06 11:53:30 AM        61555      C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
13/06/06 4:46:12 PM         25166      C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM         15144      C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4}  = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9}  = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}  = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText  = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
WinUpdate.exe C:\Program Files\Windows\WinUpdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 13/06/06 8:47:50 PM
<><><><><><><><><><><><><><><><><>
and the HJT log:


`Logfile of HijackThis v1.99.1
Scan saved at 8:58:06 PM, on 13/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.tbcode.com/ist/softwares/v4.0/0006_regular.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab



<><><><><><><><><><><><><><><><><><><><><><>

Thank you for your continued help,

awaiting your reply on next action.

Chris

Edited by happygeek: fixed formatting

0

Hi,
Please download the 2-week trial version of WebRoot SpySweeper from HERE.
Alternate download site.
Alternate download site.
Alternate download site.

  • Click on Free Spy Scan.
  • On the next page, click on Start Scan Now
  • Save the Setup file to your Desktop>click OK.
  • Double-click on the file that you saved. (If you receive alerts from your firewall, allow all activities for Spy Sweeper)
  • You will be prompted to check for updated definitions, please do so.
  • Click on "Options" > "Sweep Options" and check "Sweep all Folders on Selected drives".
  • Check "Local Disc C" and under "What to Sweep", check every box.
  • Click on "Sweep" and allow it to fully scan your system.
  • When the sweep has finished, click "Remove" to remove any items found.
  • Exit SpySweeper and reboot your computer.

NOTE: After SpySweeper has finished and removed any items found, it is important that you exit and reboot your computer right away to ensure the infection is fully removed.


After this scan, please post a new WinPFind log.

0

Sorry, been away for a few days and left the desktop at home.........here is the WinPFind log after all tasks completed as directed:

<><><><>
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98 Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent 02/10/05 4:45:58 PM RH 5578784 C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 15/06/06 9:20:10 AM 42736 C:\WINDOWS\icont.exe
UPX! 04/04/06 5:10:14 PM 2541151 C:\WINDOWS\hot_exotic_ferraris.scr
UPX! 04/04/06 5:10:14 PM 220582 C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts

Checking %System% folder...
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent 01/10/05 1:21:26 PM 3362 C:\WINDOWS\SYSTEM\58ba5roi.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent 01/10/05 1:17:06 PM 35 C:\WINDOWS\SYSTEM\ne372aqv.ini
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM 226592 C:\WINDOWS\SYSTEM\prwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wtpui.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
ad-w-a-r-e.com 31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
23/06/06 7:57:12 PM RH 1400864 C:\WINDOWS\USER.DAT
23/06/06 7:57:14 PM RH 7733286 C:\WINDOWS\SYSTEM.DAT
20/06/06 6:28:42 PM H 54156 C:\WINDOWS\QTFont.qfn
23/06/06 7:49:18 PM H 738645 C:\WINDOWS\ShellIconCache
20/06/06 9:52:28 PM H 5416 C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MKJET35.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUB32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MBEXCH40.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\AYIPITA.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OUEDLG.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\PGNMAP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SMLFX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MPCMS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAANP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IUROP.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JYEG1X32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CDGMGR32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EOAPI162.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\JNBEXEC.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mqihnd.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CZL3D32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\btackbox.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\EYUSBIN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\QRARTZ.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\whspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jzsh400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\jfdw400.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\phwave.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wfspdmoe.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pygfilt.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\RAR20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CFPMAN.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SZSCLASS.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FW20.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\pidrv.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MTCPXL32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\MNCDevice.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SOUDF.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wtpui.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\mnoeacct.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\CEYPTNET.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\SONCUI.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DOUSIC32.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\wdpshell.dll
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\OPEDLG.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\DZ32GT.DLL
31/05/06 11:41:18 AM R S 226592 C:\WINDOWS\SYSTEM\FIWPP.DLL
03/06/06 11:45:12 AM HS 11776 C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM HS 400 C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM HS 313544 C:\WINDOWS\All Users\DRM\IndivBox.key
23/06/06 7:52:22 PM HS 4329 C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
23/06/06 4:36:10 PM H 1144 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
23/06/06 4:36:16 PM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM H 760 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM H 440 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM H 452 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM H 464 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM H 1012 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM H 560 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM H 548 C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968A9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968AF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968B9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968BF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:50:54 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968C9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968CF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968D9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968DF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968E9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968ED-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968EF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F0-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F1-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F2-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F3-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F4-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F5-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F6-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F7-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F8-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968F9-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FA-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FB-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FC-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FD-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FE-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS932968FF-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296900-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296901-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296902-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296903-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296904-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296905-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296906-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296907-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296908-02F1-11DB-8B54-0040F488AE86.tmp
23/06/06 7:51:02 PM H 0 C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCS93296909-02F1-11DB-8B54-0040F488AE86.tmp
13/06/06 8:33:24 PM HS 67 C:\WINDOWS\Temporary Internet Files\desktop.ini
23/06/06 5:51:26 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
23/06/06 5:51:34 PM HS 67 C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
23/06/06 7:50:18 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 23/04/99 10:22:00 PM 221280 C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation 29/08/02 292352 C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 60928 C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 93248 C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14448 C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation 08/08/99 10:17:12 AM 41232 C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 51984 C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 420864 C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 47104 C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation 30/10/01 8:10:00 AM 442368 C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation 10/02/99 11:48:46 AM 40960 C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 66048 C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 103424 C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM 70656 C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 387072 C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 14848 C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 72192 C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation 23/04/99 10:22:00 PM 37376 C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc. 08/04/04 2:12:42 PM 323072 C:\WINDOWS\SYSTEM\QuickTime.cpl

=

<><><><><>

Thank you for your continued help.

Chris

0

Download KillBox, extract it to your desktop.

Run KillBox.exe and check the following box:-
Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.

C:\WINDOWS\SYSTEM\MKJET35.DLL
C:\WINDOWS\SYSTEM\SOUB32.DLL
C:\WINDOWS\SYSTEM\MBEXCH40.DLL
C:\WINDOWS\SYSTEM\AYIPITA.DLL
C:\WINDOWS\SYSTEM\OUEDLG.DLL
C:\WINDOWS\SYSTEM\PGNMAP.DLL
C:\WINDOWS\SYSTEM\SMLFX.DLL
C:\WINDOWS\SYSTEM\MPCMS.DLL
C:\WINDOWS\SYSTEM\RAANP.DLL
C:\WINDOWS\SYSTEM\IUROP.DLL
C:\WINDOWS\SYSTEM\IKNPSTUB.DLL
C:\WINDOWS\SYSTEM\JYEG1X32.DLL
C:\WINDOWS\SYSTEM\CDGMGR32.DLL
C:\WINDOWS\SYSTEM\EOAPI162.DLL
C:\WINDOWS\SYSTEM\IZ50_QCX.DLL
C:\WINDOWS\SYSTEM\JNBEXEC.DLL
C:\WINDOWS\SYSTEM\58ba5roi.ini
C:\WINDOWS\SYSTEM\ecs0f2l3.ini
C:\WINDOWS\SYSTEM\ne372aqv.ini
C:\WINDOWS\SYSTEM\CZL3D32.DLL
C:\WINDOWS\SYSTEM\btackbox.dll
C:\WINDOWS\SYSTEM\EYUSBIN.DLL
C:\WINDOWS\SYSTEM\prwave.dll
C:\WINDOWS\SYSTEM\whspdmoe.dll
C:\WINDOWS\SYSTEM\jzsh400.dll
C:\WINDOWS\SYSTEM\jfdw400.dll
C:\WINDOWS\SYSTEM\phwave.dll
C:\WINDOWS\SYSTEM\wfspdmoe.dll
C:\WINDOWS\SYSTEM\pygfilt.dll
C:\WINDOWS\SYSTEM\RAR20.DLL
C:\WINDOWS\SYSTEM\CFPMAN.DLL
C:\WINDOWS\SYSTEM\SZSCLASS.DLL
C:\WINDOWS\SYSTEM\FW20.DLL
C:\WINDOWS\SYSTEM\pidrv.dll
C:\WINDOWS\SYSTEM\MTCPXL32.DLL
C:\WINDOWS\SYSTEM\MNCDevice.dll
C:\WINDOWS\SYSTEM\SOUDF.DLL
C:\WINDOWS\SYSTEM\wtpui.dll
C:\WINDOWS\SYSTEM\mnoeacct.dll
C:\WINDOWS\SYSTEM\CEYPTNET.DLL
C:\WINDOWS\SYSTEM\SONCUI.DLL
C:\WINDOWS\SYSTEM\DOUSIC32.DLL
C:\WINDOWS\SYSTEM\wdpshell.dll
C:\WINDOWS\SYSTEM\OPEDLG.DLL
C:\WINDOWS\SYSTEM\DZ32GT.DLL
C:\WINDOWS\SYSTEM\FIWPP.DLL
C:\WINDOWS\SYSTEM\JNBEXEC.DLL
C:\WINDOWS\SYSTEM\mqihnd.dll
C:\WINDOWS\SYSTEM\QRARTZ.DLL
C:\WINDOWS\SYSTEM\pwdrv.dll

Then in Killbox click File > Paste from Clipboard. At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.

Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? You will need to click "Yes" to allow the reboot.

Note: When you choose "Paste From Clipboard", KillBox will show all the file names inside the "Full Path of the file to delet" text box, and the titlebar of KillBox will show the number of files. Killbox will let you know if a file does not exist.

[If you have any issues (for example, if KillBox shows total files as 0 even after choosing "Paste from clipboard") with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.]


After the reboot, please run WinPFind again and post a new log.

0

All tasks completed, here is the WinPFind log:

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Windows 98    Version: 4.10.2222
Internet Explorer Version: 6.0.2800.1106
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent             02/10/05 4:45:58 PM     RH  5578784    C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX!                 15/06/06 9:20:10 AM         42736      C:\WINDOWS\icont.exe
UPX!                 04/04/06 5:10:14 PM         2541151    C:\WINDOWS\hot_exotic_ferraris.scr
UPX!                 04/04/06 5:10:14 PM         220582     C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts


Checking %System% folder...ad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MKJET35.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SOUB32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MBEXCH40.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\AYIPITA.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\OUEDLG.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\PGNMAP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SMLFX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MPCMS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\RAANP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IUROP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IKNPSTUB.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\JYEG1X32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CDGMGR32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\EOAPI162.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IZ50_QCX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent             01/10/05 1:21:26 PM         3362       C:\WINDOWS\SYSTEM\58ba5roi.iniad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\mqihnd.dll
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ne372aqv.iniad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CZL3D32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\btackbox.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\EYUSBIN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\prwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\whspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\jzsh400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\jfdw400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\phwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wfspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\pygfilt.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\RAR20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CFPMAN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SZSCLASS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\FW20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\pidrv.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MTCPXL32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MNCDevice.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SOUDF.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wtpui.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\mnoeacct.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CEYPTNET.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SONCUI.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\DOUSIC32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wdpshell.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\OPEDLG.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\DZ32GT.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\FIWPP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dll
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
24/06/06 7:34:24 PM     RH  1400864    C:\WINDOWS\USER.DAT
24/06/06 7:35:14 PM     RH  7733286    C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM     H  54156      C:\WINDOWS\QTFont.qfn
24/06/06 3:21:48 PM      H  739241     C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM      H  5416       C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dll
03/06/06 11:45:12 AM     HS 11776      C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM     HS 400        C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM     HS 313544     C:\WINDOWS\All Users\DRM\IndivBox.key
24/06/06 7:29:26 PM      HS 1368       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
24/06/06 11:39:38 AM     H  1180       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
24/06/06 11:41:22 AM     H  1124       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM     H  760        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM      H  452        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM      H  464        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM      H  1012       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM     H  560        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM      H  548        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3422-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3423-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3424-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3425-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3426-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3427-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3428-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3429-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F342F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3430-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3431-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3432-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3433-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3434-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3435-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3436-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3437-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3438-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3439-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F343F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3440-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3441-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3442-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3443-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:29:50 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3444-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3445-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3446-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3447-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3448-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3449-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F344F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3450-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3451-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3452-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3453-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3454-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3455-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3456-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3457-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3458-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3459-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F345F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3460-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3461-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3462-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3463-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3464-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3465-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3466-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3467-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3468-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3469-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F346F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3470-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3471-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3472-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3473-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3474-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3475-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3476-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3477-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3478-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3479-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347A-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347B-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347C-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347D-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347E-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F347F-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3480-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3481-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3482-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3483-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3484-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3485-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3486-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3487-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3488-03B7-11DB-8B54-0040F488AE86.tmp
24/06/06 7:30:00 PM      H  0          C:\WINDOWS\Application Data\Webroot\Spy Sweeper\Temp\SSCSCC6F3489-03B7-11DB-8B54-0040F488AE86.tmp
13/06/06 8:33:24 PM      HS 67         C:\WINDOWS\Temporary Internet Files\desktop.ini
24/06/06 12:41:04 PM     HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
24/06/06 12:41:08 PM     HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\1E22D9UH\desktop.ini
24/06/06 12:46:14 PM     HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\BRZC69OM\desktop.ini
24/06/06 7:29:18 PM      H  6          C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation          23/04/99 10:22:00 PM        221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          29/08/02                    292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        60928      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          08/08/99 10:17:12 AM        41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        51984      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation          30/10/01 8:10:00 AM         442368     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          10/02/99 11:48:46 AM        40960      C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        66048      C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        103424     C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM        70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        387072     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        37376      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc.           08/04/04 2:12:42 PM         323072     C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc.           26/08/96 2:12:00 AM     R   341504     C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems               13/02/06 11:53:30 AM        61555      C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM         25658      C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM         15144      C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4}  = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9}  = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}  = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}  = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText  = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 24/06/06 7:38:23 PM



<>>>>>>><<<<<<>>>>>>>><<<<<<<>>>>>>

Thank you
Chris

Edited by happygeek: fixed formatting

0

Hi,
The Look2Me DLLs are still there. Please download Kill2Me and extract it to a folder. Next run Kill2Me.exe and follow the onscreen prompts.

After this, download VX2Finder9X and run it. Next click the "Click to Find VX2.BetterInternet" button. VX2Finder9X will scan the system and if it finds any bad files, it will list them. If it finds any file, copy the list and please post back here.


Also, run CCleaner and click "Run Cleaner" button to delete all the temp files. After you delete the temp files, run WinPFind and please post a new log.

0

ok so went through that, here is the VX2 Finder results:

Files Found---

User Agent String---
{EA89D347-665A-9B37-B7B1-3013EEF92CD6}


------------------------------------------------------------
and once again a WinPFind log:



»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent             02/10/05 4:45:58 PM     RH  5578784    C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX!                 15/06/06 9:20:10 AM         42736      C:\WINDOWS\icont.exe
UPX!                 04/04/06 5:10:14 PM         2541151    C:\WINDOWS\hot_exotic_ferraris.scr
UPX!                 04/04/06 5:10:14 PM         220582     C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts


Checking %System% folder...ad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MKJET35.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SOUB32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MBEXCH40.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\AYIPITA.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\OUEDLG.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\PGNMAP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SMLFX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MPCMS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\RAANP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IUROP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IKNPSTUB.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\JYEG1X32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CDGMGR32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\EOAPI162.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\IZ50_QCX.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\JNBEXEC.DLL
SAHAgent             01/10/05 1:21:26 PM         3362       C:\WINDOWS\SYSTEM\58ba5roi.iniad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\mqihnd.dll
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ecs0f2l3.ini
SAHAgent             01/10/05 1:17:06 PM         35         C:\WINDOWS\SYSTEM\ne372aqv.iniad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CZL3D32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\btackbox.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\EYUSBIN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\prwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\whspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\jzsh400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\jfdw400.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\phwave.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wfspdmoe.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\pygfilt.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\RAR20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CFPMAN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SZSCLASS.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\FW20.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\pidrv.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MTCPXL32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MNCDevice.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SOUDF.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wtpui.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\mnoeacct.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\CEYPTNET.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\SONCUI.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\DOUSIC32.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\wdpshell.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\OPEDLG.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\DZ32GT.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\FIWPP.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DAIMAN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
25/06/06 10:28:00 PM    RH  1400864    C:\WINDOWS\USER.DAT
25/06/06 10:28:00 PM    RH  7733286    C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM     H  54156      C:\WINDOWS\QTFont.qfn
25/06/06 10:13:54 PM     H  826369     C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM      H  5416       C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\pwdrv.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DAIMAN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IOM32.DLL
03/06/06 11:45:12 AM     HS 11776      C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM     HS 400        C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM     HS 313544     C:\WINDOWS\All Users\DRM\IndivBox.key
25/06/06 10:19:40 PM     HS 1368       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
25/06/06 10:25:18 PM     H  1192       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
25/06/06 10:27:36 PM     H  1348       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM     H  760        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM      H  452        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM      H  464        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM      H  1012       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM     H  560        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM      H  548        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
25/06/06 10:14:40 PM     H  6          C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation          23/04/99 10:22:00 PM        221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          29/08/02                    292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        60928      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          08/08/99 10:17:12 AM        41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        51984      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation          30/10/01 8:10:00 AM         442368     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          10/02/99 11:48:46 AM        40960      C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        66048      C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        103424     C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM        70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        387072     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        37376      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc.           08/04/04 2:12:42 PM         323072     C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc.           26/08/96 2:12:00 AM     R   341504     C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems               13/02/06 11:53:30 AM        61555      C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM         25658      C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM         15144      C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4}  = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9}  = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}  = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}  = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText  = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 25/06/06 10:28:54 PM

Ongoing thanks and awaiting patiently your reply!
Chris

Edited by happygeek: fixed formatting

0

Hi,
Those files are still there! Now, we have to remove them manually! Open a new file in NotePad and copy the contents of the below "Quote" box to NotePad:-

cd\
cd WINDOWS
cd SYSTEM
attrib -s -r -h MKJET35.DLL
del MKJET35.DLL
attrib -s -r -h SOUB32.DLL
del SOUB32.DLL
attrib -s -r -h MBEXCH40.DLL
del MBEXCH40.DLL
attrib -s -r -h AYIPITA.DLL
del AYIPITA.DLL
attrib -s -r -h OUEDLG.DLL
del OUEDLG.DLL
attrib -s -r -h PGNMAP.DLL
del PGNMAP.DLL
attrib -s -r -h SMLFX.DLL
del SMLFX.DLL
attrib -s -r -h MPCMS.DLL
del MPCMS.DLL
attrib -s -r -h RAANP.DLL
del RAANP.DLL
attrib -s -r -h IUROP.DLL
del IUROP.DLL
attrib -s -r -h IKNPSTUB.DLL
del IKNPSTUB.DLL
attrib -s -r -h JYEG1X32.DLL
del JYEG1X32.DLL
attrib -s -r -h CDGMGR32.DLL
del CDGMGR32.DLL
attrib -s -r -h EOAPI162.DLL
del EOAPI162.DLL
attrib -s -r -h IZ50_QCX.DLL
del IZ50_QCX.DLL
attrib -s -r -h JNBEXEC.DLL
del JNBEXEC.DLL
attrib -s -r -h 58ba5roi.ini
del 58ba5roi.ini
attrib -s -r -h ecs0f2l3.ini
del ecs0f2l3.ini
attrib -s -r -h ne372aqv.ini
del ne372aqv.ini
attrib -s -r -h CZL3D32.DLL
del CZL3D32.DLL
attrib -s -r -h btackbox.dll
del btackbox.dll
attrib -s -r -h EYUSBIN.DLL
del EYUSBIN.DLL
attrib -s -r -h prwave.dll
del prwave.dll
attrib -s -r -h whspdmoe.dll
del whspdmoe.dll
attrib -s -r -h jzsh400.dll
del jzsh400.dll
attrib -s -r -h jfdw400.dll
del jfdw400.dll
attrib -s -r -h phwave.dll
del phwave.dll
attrib -s -r -h wfspdmoe.dll
del wfspdmoe.dll
attrib -s -r -h pygfilt.dll
del pygfilt.dll
attrib -s -r -h RAR20.DLL
del RAR20.DLL
attrib -s -r -h CFPMAN.DLL
del CFPMAN.DLL
attrib -s -r -h SZSCLASS.DLL
del SZSCLASS.DLL
attrib -s -r -h FW20.DLL
del FW20.DLL
attrib -s -r -h pidrv.dll
del pidrv.dll
attrib -s -r -h MTCPXL32.DLL
del MTCPXL32.DLL
attrib -s -r -h MNCDevice.dll
del MNCDevice.dll
attrib -s -r -h SOUDF.DLL
del SOUDF.DLL
attrib -s -r -h wtpui.dll
del wtpui.dll
attrib -s -r -h mnoeacct.dll
del mnoeacct.dll
attrib -s -r -h CEYPTNET.DLL
del CEYPTNET.DLL
attrib -s -r -h SONCUI.DLL
del SONCUI.DLL
attrib -s -r -h DOUSIC32.DLL
del DOUSIC32.DLL
attrib -s -r -h wdpshell.dll
del wdpshell.dll
attrib -s -r -h OPEDLG.DLL
del OPEDLG.DLL
attrib -s -r -h DZ32GT.DLL
del DZ32GT.DLL
attrib -s -r -h FIWPP.DLL
del FIWPP.DLL
attrib -s -r -h JNBEXEC.DLL
del JNBEXEC.DLL
attrib -s -r -h mqihnd.dll
del mqihnd.dll
attrib -s -r -h QRARTZ.DLL
del QRARTZ.DLL
attrib -s -r -h pwdrv.dll
del pwdrv.dll

In NotePad, go to File Menu > Save AS and type the filename as RemFile.BAT and save the file in C:\ drive. Exit from NotePad.


Restart the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Command Prompt Mode and press Enter key.


At the Command Prompt, type RemFile and press Enter key.


After the completion of batch file, reboot the PC by pressing CTRL-ALT-DEL keys, to Normal Mode.


Run WinPFind again and scan the system and please post the new log.

0

Done as directed, this is getting pretty involved....what next?

Heres the WinPFind Log:

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
SAHAgent             02/10/05 4:45:58 PM     RH  5578784    C:\SYSTEM.1ST
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX!                 15/06/06 9:20:10 AM         42736      C:\WINDOWS\icont.exe
UPX!                 04/04/06 5:10:14 PM         2541151    C:\WINDOWS\hot_exotic_ferraris.scr
UPX!                 04/04/06 5:10:14 PM         220582     C:\WINDOWS\uninstall hot_exotic_ferraris.exe
Items found in C:\WINDOWS\hosts


Checking %System% folder...ad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dllad-w-a-r-e.com       31/05/06 11:41:18 AM        226592     C:\WINDOWS\SYSTEM\MNCDevice.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dllad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DAIMAN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DOMSSHRN.DLLad-w-a-r-e.com       31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IOM32.DLL
Checking %System%\Drivers folder and sub-folders...
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
26/06/06 9:02:56 PM     RH  1400864    C:\WINDOWS\USER.DAT
26/06/06 9:00:22 PM     RH  7733286    C:\WINDOWS\SYSTEM.DAT
24/06/06 11:50:58 AM     H  54156      C:\WINDOWS\QTFont.qfn
26/06/06 8:52:58 PM      H  826747     C:\WINDOWS\ShellIconCache
24/06/06 3:21:52 PM      H  5416       C:\WINDOWS\ttfCache
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\snnsapi.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DRTIME.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\wppcd.dll
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DAIMAN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\DOMSSHRN.DLL
31/05/06 11:41:18 AM    R S 226592     C:\WINDOWS\SYSTEM\IOM32.DLL
03/06/06 11:45:12 AM     HS 11776      C:\WINDOWS\All Users\DRM\drmv2.sst
23/05/06 12:53:10 PM     HS 400        C:\WINDOWS\All Users\DRM\v2ksndv.bla
23/05/06 12:53:10 PM     HS 313544     C:\WINDOWS\All Users\DRM\IndivBox.key
26/06/06 8:59:44 PM      HS 1368       C:\WINDOWS\Application Data\Microsoft\Internet Explorer\Desktop.htt
26/06/06 8:50:06 PM      H  2336       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\881064374\sqmdata00.sqm
25/06/06 10:27:36 PM     H  1348       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\2411316345\sqmdata00.sqm
22/05/06 11:39:16 AM     H  760        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata04.sqm
22/05/06 11:39:28 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata05.sqm
22/05/06 11:40:08 AM     H  440        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\632868714\sqmdata06.sqm
30/04/06 9:40:34 AM      H  452        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata00.sqm
30/04/06 9:40:44 AM      H  464        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\1297337182\sqmdata01.sqm
08/05/06 9:58:50 AM      H  1012       C:\WINDOWS\Application Data\Microsoft\MSN Messenger\912306871\sqmdata00.sqm
22/05/06 10:32:40 AM     H  560        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3679907391\sqmdata00.sqm
22/05/06 3:54:44 PM      H  548        C:\WINDOWS\Application Data\Microsoft\MSN Messenger\3812650686\sqmdata00.sqm
25/06/06 10:42:04 PM     HS 67         C:\WINDOWS\Temporary Internet Files\desktop.ini
26/06/06 6:20:58 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\desktop.ini
26/06/06 6:21:12 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\OPERG5IJ\desktop.ini
26/06/06 6:21:12 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\S8JZSI1O\desktop.ini
26/06/06 6:21:12 PM      HS 67         C:\WINDOWS\Temporary Internet Files\Content.IE5\6MRONBG9\desktop.ini
26/06/06 8:59:38 PM      H  6          C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation          23/04/99 10:22:00 PM        221280     C:\WINDOWS\SYSTEM\DESK.CPL
Microsoft Corporation          29/08/02                    292352     C:\WINDOWS\SYSTEM\INETCPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        60928      C:\WINDOWS\SYSTEM\INTL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        93248      C:\WINDOWS\SYSTEM\MODEM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14448      C:\WINDOWS\SYSTEM\NETCPL.CPL
Microsoft Corporation          08/08/99 10:17:12 AM        41232      C:\WINDOWS\SYSTEM\ODBCCP32.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        51984      C:\WINDOWS\SYSTEM\POWERCFG.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        420864     C:\WINDOWS\SYSTEM\MMSYS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        47104      C:\WINDOWS\SYSTEM\PASSWORD.CPL
Microsoft Corporation          30/10/01 8:10:00 AM         442368     C:\WINDOWS\SYSTEM\JOY.CPL
Microsoft Corporation          10/02/99 11:48:46 AM        40960      C:\WINDOWS\SYSTEM\FINDFAST.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        66048      C:\WINDOWS\SYSTEM\ACCESS.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        103424     C:\WINDOWS\SYSTEM\MAIN.CPL
23/04/99 10:22:00 PM        70656      C:\WINDOWS\SYSTEM\STICPL.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        387072     C:\WINDOWS\SYSTEM\SYSDM.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        14848      C:\WINDOWS\SYSTEM\TELEPHON.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        72192      C:\WINDOWS\SYSTEM\APPWIZ.CPL
Microsoft Corporation          23/04/99 10:22:00 PM        37376      C:\WINDOWS\SYSTEM\TIMEDATE.CPL
Apple Computer, Inc.           08/04/04 2:12:42 PM         323072     C:\WINDOWS\SYSTEM\QuickTime.cpl
Apple Computer, Inc.           26/08/96 2:12:00 AM     R   341504     C:\WINDOWS\SYSTEM\QTW32.CPL
Sun Microsystems               13/02/06 11:53:30 AM        61555      C:\WINDOWS\SYSTEM\jpicpl32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
Checking files in %USERPROFILE%\Application Data folder...
23/06/06 5:38:34 PM         25658      C:\WINDOWS\Application Data\dw.log
23/03/06 6:36:08 PM         15144      C:\WINDOWS\Application Data\GDIPFONTCACHEV1.DAT
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\IMMenuShellExt
{F8984111-38B6-11D5-8725-0050DA2761C4}  = C:\PROGRAM FILES\INCREDIMAIL\BIN\IMSHEXT.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SharingMenu
{6D78EC20-5AA6-101B-8681-366FBD64CEB9}  = msshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B}  = C:\PROGRA~1\WEBROOT\SPYSWE~1\SSCTXMNU.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000}  = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467}  = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96}
ButtonText  = Yahoo! Messenger : C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = C:\WINDOWS\SYSTEM\BROWSEUI.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = C:\WINDOWS\SYSTEM\SHDOCVW.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{8E718888-423F-11D2-876E-00A0C9082467} = &Radio : C:\WINDOWS\SYSTEM\MSDXM.OCX
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : C:\WINDOWS\SYSTEM\BROWSEUI.DLL
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} =  :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ScanRegistry C:\WINDOWS\scanregw.exe /autorun
TaskMonitor C:\WINDOWS\taskmon.exe
SystemTray SysTray.Exe
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
CriticalUpdate C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
QuickTime Task "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
StillImageMonitor C:\WINDOWS\SYSTEM\STIMON.EXE
EPSON Stylus C62 Series C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
SpySweeper "C:\PROGRAM FILES\WEBROOT\SPY SWEEPER\SPYSWEEPER.EXE" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
LoadPowerProfile Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
SchedulingAgent mstask.exe
KB891711 C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
MsnMsgr "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
PopUpStopperFreeEdition "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices-]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce-]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HideSharePwds
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun •
CDRAutoRun
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
winupdate.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck                        {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = C:\WINDOWS\SYSTEM\WEBCHECK.DLL


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 26/06/06 9:05:38 PM


<><><>

thanks again
Chris

Edited by happygeek: fixed formatting

0

Hi,
Ok, most of the "bad" files are gone. Please download L2M9XFix and extract it to a folder. Now, inside this extracted folder, there will be a file named RunThis.bat. Double-click on this file. A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.

0

Ok log #1 is L2M9XFIX:

Log of L2M9XFix v1.01a

************

Running from directory:
C:\WINDOWS\Desktop\repair\L2M9XFIX\l2m9xfix

************

Files found:

C:\WINDOWS\system\DAIMAN.DLL
C:\WINDOWS\system\DOMSSHRN.DLL
C:\WINDOWS\system\DRTIME.DLL
C:\WINDOWS\system\IOM32.DLL
C:\WINDOWS\system\MNCDevice.dll
C:\WINDOWS\system\snnsapi.dll
C:\WINDOWS\system\wppcd.dll

************

Registry entries found:


REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{EA89D347-665A-9B37-B7B1-3013EEF92CD6}"=""

************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!

<><><><><><><><><><><><><><><><><><>

And log #2 is HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:28:29 PM, on 27/06/06
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\REPAIR\HIJACKTHIS.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\INCMAIL.EXE
C:\PROGRAM FILES\INCREDIMAIL\BIN\IMAPP.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [CriticalUpdate] C:\WINDOWS\SYSTEM\wucrtupd.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
O4 - HKLM\..\Run: [EPSON Stylus C62 Series] C:\WINDOWS\SYSTEM\E_S0BIC1.EXE /P23 "EPSON Stylus C62 Series" /O5 "LPT1:" /M "Stylus C62"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRAM FILES\PANICWARE\POP-UP STOPPER FREE EDITION\PSFREE.EXE"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YAHOOMESSENGER.EXE
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin9x/AvSniff.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_ansi.cab


<><><><>

Note: I have noticed since before this last series of tasks that I don't have popups anymore like I did before (which was VERY annoying!).

Chris

0

Hi,
Look2Me's gone! Log looks clean :D Please post back if you still get any popups or have any problems with the PC.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.