It's taken me all day to run these programs; I think that's because my computer is fairly old, and therefore slow. The results:
Ewido Report: (I had to cancel the first run, because it seemed to have gotten stuck, so I'm including the results from both the first (fairly short) and second (very, very long) run.
1.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:52:24 PM, 6/22/2005
+ Report-Checksum: 702B6BFC
+ Date of database: 6/22/2005
+ Version of scan engine: v3.0
+ Duration: 67 min
+ Scanned Files: 32289
+ Speed: 7.95 Files/Second
+ Infected files: 1
+ Removed files: 1
+ Files put in quarantine: 1
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
D:\
E:\
+ Scan result:
C:\WINDOWS\Cookies\
[email protected] -> Spyware.Tracking-Cookie -> Cleaned with backup
::Report End
2.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 5:51:44 PM, 6/22/2005
+ Report-Checksum: 15ED5019
+ Date of database: 6/22/2005
+ Version of scan engine: v3.0
+ Duration: 269 min
+ Scanned Files: 236266
+ Speed: 14.61 Files/Second
+ Infected files: 18
+ Removed files: 15
+ Files put in quarantine: 15
+ Files that could not be opened: 0
+ Files that could not be cleaned: 3
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
D:\
E:\
C:\ palmtemp
C:\$VAULT$.AVG
C:\audiograbber
C:\BODY6
C:\campdocs
C:\copymydocs
C:\Creative
C:\diamonddriverxp1
C:\Documents and Settings
C:\e477b25842f8352db2af542268
C:\FOUND.000
C:\FOUND.001
C:\HijackThis
C:\ichat
C:\KA
C:\KA
C:\Math2000
C:\Media
C:\MemoryMagic
C:\MPS
C:\msdownld.tmp
C:\My Documents
C:\neww98
C:\POP3.CD
C:\Program Files
C:\Recorded Calls
C:\Savage2Kxp2
C:\temp
C:\THINKFST
C:\Training
C:\unzipped
C:\w2003Iso
C:\Win2003Image
C:\WINDOWS
C:\Windows Update Setup Files
C:\WRITEPRO
C:\xProgram Files
C:\3-079-03[1].zip
C:\AVG7QT.DAT
C:\AVG7QT.DAT
C:\avglog.err
C:\BOOTLOG.TXT
C:\BOOTLOG.PRV
C:\CONFIG.SYS
C:\ffastun.ffo
C:\FRUNLOG.TXT
C:\mindmankey.txt
C:\orderlink.txt
C:\PDOXUSRS.NET
C:\pop3.log
C:\SB_usb_log.txt
C:\SCANDISK.LOG
C:\SETUPXLG.TXT
C:\testfile
C:\thinkfastkey.txt
C:\THNKFST.EXE
C:\upd4520.exe
C:\vxsystem.dat
C:\winzip.log
C:\writepro.PIF
C:\WRITEPRO.BAT
+ Scan result:
D:\Documents and Settings\Administrator\Cookies\administrator@3422958[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\
[email protected][2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
D:\Documents and Settings\Administrator\Cookies\administrator@html[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
E:\Documents and Settings\Miriam\Local Settings\Temp\Cookies\miriam@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
E:\Documents and Settings\Miriam\Local Settings\Temp\Cookies\miriam@fastclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
E:\Documents and Settings\Miriam\Local Settings\Temp\Cookies\miriam@zedo[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
E:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
E:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.DelphinMedia.Viewer.f -> Cleaned with backup
E:\WINDOWS\cfgmgr52.dll -> Spyware.BookedSpace.e -> Cleaned with backup
E:\WINDOWS\Downloaded Program Files\pcs_0016.exe -> Spyware.Pacer.b -> Cleaned with backup
E:\WINDOWS\Downloaded Program Files\website.ocx -> TrojanDownloader.Agent.ex -> Cleaned with backup
E:\WINDOWS\shop1004.exe -> Spyware.Sahat.m -> Cleaned with backup
E:\WINDOWS\system32\aoc8soet.exe -> Spyware.SAHA -> Cleaned with backup
E:\WINDOWS\system32\hstceih.exe -> Spyware.BetterInternet -> Cleaned with backup
E:\WINDOWS\system32\nsx10.dll -> Spyware.HotSearchBar -> Cleaned with backup
E:\WINDOWS\system32\supdate.dll -> TrojanDownloader.Qoologic.p -> Cleaned with backup
E:\WINDOWS\tutwycatmg.exe -> Spyware.BetterInternet -> Cleaned with backup
::Report End
Okay, now for the new HijackThis log:Logfile of HijackThis v1.99.1
Scan saved at 6:33:47 PM, on 6/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\Common Files\Real\Update_OB\realsched.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\WINDOWS\system32\rukmma.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\Cas\Client\casclient.exe
D:\Program Files\WinZip\WZQKPICK.EXE
E:\Program Files\Mozilla Firefox\firefox.exe
E:\WINDOWS\system32\cmd.exe
E:\WINDOWS\system32\ntvdm.exe
E:\WINDOWS\system32\NOTEPAD.EXE
C:\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.com/R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.cnn.comR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "E:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [KavSvc] E:\WINDOWS\system32\rukmma.exe reg_run
O4 - HKCU\..\Run: [SpyKiller] E:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CAS Client] "E:\Program Files\Cas\Client\casclient.exe"
O4 - Startup: Zeno.lnk = E:\WINDOWS\system32\ssysrwd8.exe
O4 - Startup: Zstart.lnk = E:\Documents and Settings\Miriam\Local Settings\Temp\zxinst12.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = D:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://e:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://e:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://e:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://e:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://e:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - E:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - E:\Program Files\WindowsIM\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} -
http://a1540.g.akama...meInstaller.exeO16 - DPF: {4208FB4D-4E53-4F5A-BF7A-3E047DDB5281} (ActiveX Control) -
http://www.icannnews.../ST/ActiveX.ocxO16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.googl...gleActivate.cabO16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) -
http://forums.instit...sie/msichat.cabO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
And now for the l2m log:L2MFIX find log 1.03
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{96519E44-CDA3-74A5-79F2-8202545CA35B}"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}"="Set Program Access and Defaults"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{7C9D5882-CB4A-4090-96C8-430BFE8B795B}"="Webroot Spy Sweeper Context Menu Integration"
"{596AB062-B4D2-4215-9F74-E9109B0A8153}"="Previous Versions Property Page"
"{9DB7A13C-F208-4981-8353-73CC61AE2783}"="Previous Versions"
"{692F0339-CBAA-47e6-B5B5-3B84DB604E87}"="Extensions Manager Folder"
"{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}"="AVG7 Shell Extension"
"{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}"="AVG7 Find Extension"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{FB982D26-5AEF-4A5B-9F83-1458B0C350E0}"=""
"{7CD61C47-1117-4591-A56B-CB0979D1F74F}"=""
"{E42506FE-2828-4B1E-AEF3-3ED81B3759F3}"=""
"{A48FAD27-0366-4208-A97E-FDCC1AF9468F}"=""
"{A36AA7AC-53BD-47DE-AEED-7C57FC59F676}"=""
"{B807094F-9C1C-4D0D-80DB-0A726D1CEA7B}"=""
"{DDC16DE5-7CB2-46C5-9821-4EFE2047A33A}"=""
"{ECCDC182-06B0-40CE-90B7-85E925C84118}"=""
**********************************************************************************
HKEY ROOT CLASSIDS:
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{FB982D26-5AEF-4A5B-9F83-1458B0C350E0}]
@=""
"IDEx"="ST004"
[HKEY_CLASSES_ROOT\CLSID\{FB982D26-5AEF-4A5B-9F83-1458B0C350E0}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FB982D26-5AEF-4A5B-9F83-1458B0C350E0}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{FB982D26-5AEF-4A5B-9F83-1458B0C350E0}\InprocServer32]
@="E:\\WINDOWS\\system32\\apvpack.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{7CD61C47-1117-4591-A56B-CB0979D1F74F}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7CD61C47-1117-4591-A56B-CB0979D1F74F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7CD61C47-1117-4591-A56B-CB0979D1F74F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{7CD61C47-1117-4591-A56B-CB0979D1F74F}\InprocServer32]
@="E:\\WINDOWS\\system32\\ihcvid.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{E42506FE-2828-4B1E-AEF3-3ED81B3759F3}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E42506FE-2828-4B1E-AEF3-3ED81B3759F3}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E42506FE-2828-4B1E-AEF3-3ED81B3759F3}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{E42506FE-2828-4B1E-AEF3-3ED81B3759F3}\InprocServer32]
@="E:\\WINDOWS\\system32\\dtvvox.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A48FAD27-0366-4208-A97E-FDCC1AF9468F}]
@=""
"IDEx"="ST"
[HKEY_CLASSES_ROOT\CLSID\{A48FAD27-0366-4208-A97E-FDCC1AF9468F}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A48FAD27-0366-4208-A97E-FDCC1AF9468F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A48FAD27-0366-4208-A97E-FDCC1AF9468F}\InprocServer32]
@="E:\\WINDOWS\\system32\\rXstls.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{A36AA7AC-53BD-47DE-AEED-7C57FC59F676}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A36AA7AC-53BD-47DE-AEED-7C57FC59F676}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A36AA7AC-53BD-47DE-AEED-7C57FC59F676}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{A36AA7AC-53BD-47DE-AEED-7C57FC59F676}\InprocServer32]
@="E:\\WINDOWS\\system32\\ifakeng.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{B807094F-9C1C-4D0D-80DB-0A726D1CEA7B}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B807094F-9C1C-4D0D-80DB-0A726D1CEA7B}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B807094F-9C1C-4D0D-80DB-0A726D1CEA7B}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{B807094F-9C1C-4D0D-80DB-0A726D1CEA7B}\InprocServer32]
@="E:\\WINDOWS\\system32\\ibetcomm.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{DDC16DE5-7CB2-46C5-9821-4EFE2047A33A}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DDC16DE5-7CB2-46C5-9821-4EFE2047A33A}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DDC16DE5-7CB2-46C5-9821-4EFE2047A33A}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{DDC16DE5-7CB2-46C5-9821-4EFE2047A33A}\InprocServer32]
@="E:\\WINDOWS\\system32\\smclogon.dll"
"ThreadingModel"="Apartment"
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\CLSID\{ECCDC182-06B0-40CE-90B7-85E925C84118}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECCDC182-06B0-40CE-90B7-85E925C84118}\Implemented Categories]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECCDC182-06B0-40CE-90B7-85E925C84118}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""
[HKEY_CLASSES_ROOT\CLSID\{ECCDC182-06B0-40CE-90B7-85E925C84118}\InprocServer32]
@="E:\\WINDOWS\\system32\\dxsapi.dll"
"ThreadingModel"="Apartment"
**********************************************************************************
Files Found are not all bad files:
E:\WINDOWS\SYSTEM32\
apvpack.dll Tue Jun 21 2005 2:22:54p ..S.R 417,792 408.00 K
browseui.dll Mon May 2 2005 4:52:34p A.... 1,019,904 996.00 K
cdfview.dll Mon May 2 2005 4:52:34p A.... 151,040 147.50 K
cdm.dll Thu May 26 2005 4:16:24a A.... 75,544 73.77 K
dndim700.dll Tue Jun 21 2005 9:27:08p ..S.R 417,792 408.00 K
dtvvox.dll Tue Jun 21 2005 5:00:28p ..S.R 417,792 408.00 K
dxsapi.dll Wed Jun 22 2005 10:52:16a ..S.R 417,792 408.00 K
ftst30.dll Tue Jun 21 2005 8:56:08p ..S.R 417,792 408.00 K
hhsetup.dll Thu May 26 2005 10:04:28p A.... 41,472 40.50 K
ibetcomm.dll Tue Jun 21 2005 11:16:38p ..S.R 417,792 408.00 K
iepeers.dll Mon May 2 2005 4:52:34p A.... 250,880 245.00 K
ifakeng.dll Wed Jun 22 2005 1:09:44a ..S.R 417,792 408.00 K
ihcvid.dll Tue Jun 21 2005 4:20:34p ..S.R 417,792 408.00 K
inseng.dll Mon May 2 2005 4:52:34p A.... 96,256 94.00 K
itircl.dll Thu May 26 2005 10:04:28p A.... 155,136 151.50 K
itss.dll Thu May 26 2005 10:04:28p A.... 137,216 134.00 K
iuengine.dll Thu May 26 2005 4:16:24a A.... 198,424 193.77 K
kgdinmal.dll Tue Jun 21 2005 8:36:24p ..S.R 417,792 408.00 K
mcrdo20.dll Tue Jun 21 2005 8:51:28p ..S.R 417,792 408.00 K
mgoa.dll Tue Jun 21 2005 6:30:30p ..S.R 417,792 408.00 K
mshtml.dll Mon May 2 2005 4:52:36p A.... 3,012,608 2.87 M
mshtmled.dll Mon May 2 2005 4:52:36p A.... 448,512 438.00 K
msi.dll Wed May 4 2005 2:45:32p A.... 2,890,240 2.75 M
msrating.dll Mon May 2 2005 4:52:36p A.... 146,432 143.00 K
nsl.dll Tue Jun 21 2005 8:37:58p ..S.R 417,792 408.00 K
pngfilt.dll Mon May 2 2005 4:52:36p A.... 39,424 38.50 K
pxcrt.dll Tue Jun 21 2005 7:17:42p ..S.R 417,792 408.00 K
rceuukc.dll Tue Jun 21 2005 2:26:56p A.... 27,648 27.00 K
rspsnd.dll Tue Jun 21 2005 8:38:56p ..S.R 417,792 408.00 K
rxstls.dll Tue Jun 21 2005 7:11:08p A.... 417,792 408.00 K
shdocvw.dll Mon May 2 2005 4:52:36p A.... 1,483,776 1.41 M
shlwapi.dll Mon May 2 2005 4:52:36p A.... 473,600 462.50 K
smclogon.dll Wed Jun 22 2005 12:00:58a ..S.R 417,792 408.00 K
urlmon.dll Mon May 2 2005 4:52:36p A.... 607,744 593.50 K
uvrnn.dll Tue Jun 21 2005 2:26:56p A.... 9,728 9.50 K
wininet.dll Mon May 2 2005 4:52:36p A.... 657,920 642.50 K
wuapi.dll Thu May 26 2005 4:16:30a A.... 465,176 454.27 K
wuaueng.dll Thu May 26 2005 4:16:30a A.... 1,343,768 1.28 M
wuaueng1.dll Thu May 26 2005 4:16:30a A.... 194,328 189.77 K
wucltui.dll Thu May 26 2005 4:16:30a A.... 127,256 124.27 K
wups.dll Thu May 26 2005 4:16:30a A.... 41,240 40.27 K
wups2.dll Thu May 26 2005 4:16:30a A.... 18,200 17.77 K
wuweb.dll Thu May 26 2005 4:16:30a A.... 173,536 169.47 K
xpsp3res.dll Mon May 16 2005 8:25:36p ..... 15,360 15.00 K
44 items found: 44 files (15 H/S), 0 directories.
Total of file sizes: 20,987,040 bytes 20.01 M
Locate .tmp files:
E:\WINDOWS\SYSTEM32\
guard.tmp Wed Jun 22 2005 11:32:20a ..S.R 417,792 408.00 K
1 item found: 1 file (1 H/S), 0 directories.
Total of file sizes: 417,792 bytes 408.00 K
**********************************************************************************
Directory Listing of system files:
Volume in drive E is NTFS-XP
Volume Serial Number is 0CB8-D717
Directory of E:\WINDOWS\System32
06/22/2005 11:32 AM 417,792 guard.tmp
06/22/2005 10:52 AM 417,792 dxsapi.dll
06/22/2005 01:09 AM 417,792 ifakeng.dll
06/22/2005 12:00 AM 417,792 smclogon.dll
06/21/2005 11:33 PM <DIR> dllcache
06/21/2005 11:16 PM 417,792 ibetcomm.dll
06/21/2005 09:27 PM 417,792 dNdim700.dll
06/21/2005 08:56 PM 417,792 ftst30.dll
06/21/2005 08:51 PM 417,792 MCRDO20.DLL
06/21/2005 08:38 PM 417,792 rspsnd.dll
06/21/2005 08:37 PM 417,792 nsl.dll
06/21/2005 08:36 PM 417,792 kgdinmal.dll
06/21/2005 07:17 PM 417,792 pxcrt.dll
06/21/2005 06:30 PM 417,792 mgoa.dll
06/21/2005 05:00 PM 417,792 dtvvox.dll
06/21/2005 04:20 PM 417,792 ihcvid.dll
06/21/2005 02:22 PM 417,792 apvpack.dll
09/24/2003 08:14 PM 11,776 Thumbs.db
05/23/2003 06:57 PM <DIR> Microsoft
17 File(s) 6,696,448 bytes
2 Dir(s) 1,183,240,192 bytes free
And that's it! Whew. I know I'm not done yet, though, because I'm still getting popups.... I'm eagerly awaiting your reply and further help. Thank you so much!