A few surprises cropped up when I went through the procedure outlined above. To begine with, when I tried to open the summary reports, the operating system informed me that notepad.exe was missing from the root of C:\ which isn't where it was in the first place so I redirected the shortcut to C:\WINDOWS\ . As well, I need to boot up Internet Explorer in order to do an on-line scan from Trend Micro but Internet Explorer refused to initiate, at least until I exited all instances of Mozilla Firefox.
Log files:
About:Buster
AboutBuster 5.0 reference file 31
Scan started on [8/1/2005] at [10:36:27 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:37:00 AM
AboutBuster 5.0 reference file 31
Scan started on [8/1/2005] at [10:53:12 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:53:45 AM
AboutBuster 5.0 reference file 31
Scan started on [8/1/2005] at [10:57:08 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:57:44 AM
TREND MICRO - Antispyware
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=BONES
Time=Mon Aug 01 09:11:14 2005
Product Version=3, 0, 1, 22
OS Version=Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
IE Plugins: Found '{619D4638-8445-4420-AA07-C0B2C7DA6E3B}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
Program Startup Areas: Found 'skxedll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'skxeenc' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'sp' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
CoolWebSearch Variants (CWShredder): Found 'CWS.HiddenDll' in ''
Programs in Memory
Windows Registry
Windows Registry: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Found 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall'
Windows Registry: Found '' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/html'
Windows Registry: Found '' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/plain'
Windows Registry: Found 'HOMEOldSP' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Found 'sp' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Windows Registry: Found 'HOMEOldSP' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Windows Registry: Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'CLSID' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/html'
Windows Registry: Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Windows Registry: Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'CLSID' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/plain'
Windows Registry: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Found 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Found 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Found '' in 'PROTOCOLS\Filter\text/html'
Windows Registry: Found '' in 'PROTOCOLS\Filter\text/plain'
Windows Registry: Found 'sp' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Finished Backup
Started Cleaning
CoolWebSearch Variants (CWShredder): Cleaned 'CWS.HiddenDll' in ''
Windows Registry: Cleaned 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAssistant Uninstall'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/html'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\PROTOCOLS\Filter\text/plain'
Windows Registry: Cleaned 'HOMEOldSP' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned 'sp' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Windows Registry: Cleaned 'HOMEOldSP' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'. Error=5.
WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'. Error=5.
Windows Registry: Cleaned 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned 'Search Bar' in 'S-1-5-21-1292428093-1580436667-854245398-1004\Software\Microsoft\Internet Explorer\Main'
Windows Registry: Cleaned '' in 'PROTOCOLS\Filter\text/html'
Windows Registry: Cleaned '' in 'PROTOCOLS\Filter\text/plain'
Unable to delete registry value 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sp'. Error=2.
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=BONES
Time=Mon Aug 01 09:22:54 2005
Product Version=3, 0, 1, 22
OS Version=Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=BONES
Time=Mon Aug 01 09:22:54 2005
Product Version=3, 0, 1, 22
OS Version=Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
Web Browser Security Settings: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Program Startup Areas: Found 'ivfedll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'ivfeenc' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Started Backup
Finished Backup
Started Cleaning
Program Startup Areas: Cleaned 'ivfedll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Cleaned 'ivfeenc' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Finished Cleaning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=BONES
Time=Mon Aug 01 11:07:00 2005
Product Version=3, 0, 1, 22
OS Version=Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Started Scanning
Programs in Memory
Finished Scanning
Program Startup Areas: Cleaned 'ivfedll' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Cleaned 'ivfeenc' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=BONES
Time=Mon Aug 01 11:33:08 2005
Product Version=3, 0, 1, 22
OS Version=Microsoft Windows XP Home Edition Service Pack 1 (Build 2600)
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Windows Registry: Found '' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'Class' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'ClassGUID' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'ConfigFlags' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'DeviceDesc' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'Legacy' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Windows Registry: Found 'NextInstance' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'
Windows Registry: Found 'Service' in 'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT for export/import. Error=5.
Unable to access the registry key HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000 for export/import. Error=5.
Finished Backup
Started Cleaning
WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT'. Error=5.
WARNING: Unable to remove registry keys under 'HKLM\'SYSTEM\CurrentControlSet\Enum\Root\LEGACY_DELPROT\0000'. Error=5.
Finished Cleaning
SPSeHjFix log results
(8/1/05 10:59:43 AM) SPSeHjFix started v1.1.2
(8/1/05 10:59:43 AM) OS: WinXP Service Pack 1 (5.1.2600)
(8/1/05 10:59:43 AM) Language: english
(8/1/05 10:59:43 AM) Win-Path: C:\WINDOWS
(8/1/05 10:59:43 AM) System-Path: C:\WINDOWS\System32
(8/1/05 10:59:43 AM) Temp-Path: C:\DOCUME~1\BONESJ~1\LOCALS~1\Temp\
(8/1/05 10:59:57 AM) Disinfection started
(8/1/05 10:59:57 AM) Bad-Dll(IEP): (not found)
(8/1/05 10:59:57 AM) Bad-Dll(IEP) in BHO: (not found)
(8/1/05 10:59:58 AM) UBF: 7 - UBB: 5 - UBR: 46
(8/1/05 10:59:58 AM) UBF: 7 - UBB: 5 - UBR: 46
(8/1/05 10:59:58 AM) Bad IE-pages:
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKCU\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Search Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Main, Start Page: about:blank
deleted: HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant: about:blank
(8/1/05 10:59:58 AM) Stealth-String not found
(8/1/05 10:59:58 AM) Not infected->END
HiJackThis log results:
Logfile of HijackThis v1.99.1
Scan saved at 12:32:35 PM, on 8/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\System32\CePMTray.exe
C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\Logitech\ImageStudio\LogiTray.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\Program Files\MSN Video Enhanced\MSNVE.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\sdiosvc.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Gearbox Connection Kit\bin\gbConMon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\CMAPP\Client\cmappclient.exe
C:\Program Files\Gearbox Connection Kit\bin\gbTask.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AOL 8.0\aoltray.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\Wtablet\TabUserW.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.95.218.172/index.phpR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://195.95.218.172/index.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.95.218.172/index.phpR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
http://195.95.218.172/index.phpR1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:8080
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcpack.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} - C:\WINDOWS\System32\rxyrsbjh.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
O4 - HKLM\..\Run: [Gearbox] "C:\Program Files\Gearbox Connection Kit\bin\confsvr.exe"
O4 - HKLM\..\Run: [Microsoft Inet Xp..] teekids.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Windows Automation] mslaugh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKLM\..\Run: [_Cat4] C:\WINDOWS\msmsgr2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\BONESJ~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [vnktdll] C:\WINDOWS\vnktdll.EXE
O4 - HKLM\..\Run: [yqehenc] C:\WINDOWS\yqehenc.EXE
O4 - HKLM\..\Run: [MSN Video Enhanced] "C:\Program Files\MSN Video Enhanced\MSNVE.exe"
O4 - HKLM\..\Run: [lanbrup] C:\WINDOWS\System32\lanbrup.exe
O4 - HKLM\..\Run: [386nk04c] C:\WINDOWS\System32\386nk04c.exe
O4 - HKLM\..\Run: [qdtfbjy] c:\windows\system32\zkeapkh.exe r
O4 - HKLM\..\Run: [venbdll] C:\WINDOWS\venbdll.exe
O4 - HKLM\..\Run: [venbenc] C:\WINDOWS\venbenc.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [dayndll] C:\WINDOWS\dayndll.exe
O4 - HKLM\..\Run: [daynenc] C:\WINDOWS\daynenc.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [uscadll] C:\WINDOWS\uscadll.exe
O4 - HKLM\..\Run: [uscaenc] C:\WINDOWS\uscaenc.exe
O4 - HKLM\..\Run: [skxedll] C:\WINDOWS\skxedll.exe
O4 - HKLM\..\Run: [skxeenc] C:\WINDOWS\skxeenc.exe
O4 - HKLM\..\RunServices: [Gearbox Deferal Check] C:\Program Files\Gearbox Connection Kit\bin\gbdefer.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [PayTime] C:\WINDOWS\System32\paytime.exe
O4 - HKCU\..\Run: [System] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [Multimedia extensions] mservice.exe
O4 - HKCU\..\Run: [Microsoft Internet Acceleration Utility] iau.exe
O4 - HKCU\..\Run: [Internet Connection Wizard] stisvsq.exe
O4 - HKCU\..\Run: [Games Acceleration] svshost.exe
O4 - HKCU\..\Run: [Internet Mail and News] msqdevl.exe
O4 - HKCU\..\Run: [Microsoft Management Console] lssas.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: AOL Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone:
http://www.pandasoftware.comO15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -
http://housecall60.t...all/xscan60.cabO16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
http://v5.windowsupd...b?1117038304808O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) -
http://ax.phobos.app.../ITDetector.cabO16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.c...ebio5_1_6_0.cabO20 - Winlogon Notify: drct16 - drct16.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows VisFx Components - Unknown owner - C:\WINDOWS\sdiosvc.exe