Sorry I didn't post the Panda and Ewido logs. I posted the HijackThis and the l2mfix as soon as the computer was on, but after that I didn't have any time to do anything. I have the scans here, and more, just in case. Thanks a lot!
Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:40:44 PM, 8/21/2005
+ Report-Checksum: E3A6AA83
+ Scan result:
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/byackbox.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/efentlog.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/Muco42d.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/oqjsel.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/syriptpw.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\l2mfix\backup.zip/guard.tmp -> Spyware.Look2Me : Error during cleaning
:mozilla.87:C:\RECYCLER\NPROTECT\00030063.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.45:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.48:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.50:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.51:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.52:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.53:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.54:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.55:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.56:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.57:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.58:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.59:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.60:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.61:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.62:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.63:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.64:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.65:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.66:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.67:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.68:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.69:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.81:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.83:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.84:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.85:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.97:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.98:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.99:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.100:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.101:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.108:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.109:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Linksynergy : Cleaned with backup
:mozilla.123:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.124:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.125:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.126:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.127:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Addynamix : Cleaned with backup
:mozilla.171:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.172:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.186:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
:mozilla.188:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.189:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.191:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.192:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.193:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.194:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Valuead : Cleaned with backup
:mozilla.213:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.214:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.215:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.244:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.261:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Realtracker : Cleaned with backup
:mozilla.264:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.265:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.266:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.276:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.277:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.280:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.281:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.282:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.283:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.284:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.289:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.296:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.297:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.298:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.299:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Adorigin : Cleaned with backup
:mozilla.300:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.301:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.312:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.338:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.351:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.354:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.355:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.401:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.407:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.410:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.417:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.418:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.430:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitslink : Cleaned with backup
:mozilla.478:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.479:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.480:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.481:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.482:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.483:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.484:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.485:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.497:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.538:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.545:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.631:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.638:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.640:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.642:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.643:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.644:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.645:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.646:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.647:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.648:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.649:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Webtrendslive : Cleaned with backup
:mozilla.651:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.652:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.677:C:\RECYCLER\NPROTECT\00031112.MOZ -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\WINDOWS\system32\InstallAPS.exe -> TrojanDropper.Agent.lu : Cleaned with backup
C:\WINDOWS\system32\installer_MARKETING58.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\WINDOWS\system32\rеgedit.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\system32\VSX1.1.exe -> TrojanDownloader.Small.aal : Cleaned with backup
C:\WINDOWS\system32\ѕуmbols\regedit.exe -> Spyware.PurityScan : Cleaned with backup
::Report End
Panda: the scan finds 13 spyware files and then closes. I might be doing something wrong.
Microsoft AntiSpyware (just in case):
8/21/2005 9:42:27 PM::------------------------------------------------------------------
8/21/2005 9:42:27 PM::Initializing Clean - (ScanID: 8BC33A28-8B90-4028-8E6A-B69E8D)
8/21/2005 9:42:27 PM::Clean Threat PersonalMoneyTree (ID:16340)
8/21/2005 9:42:30 PM::Removing file c:\program files\rebate retriever\rebateretriever.exe
8/21/2005 9:42:31 PM::Disable file c:\program files\rebate retriever\rebateretriever.exe and quarantine to C:\Program Files\Microsoft AntiSpyware\Quarantine\5358F092-05F3-41DA-A698-794E78\9A51629D-F797-416D-A66B-741492
8/21/2005 9:42:31 PM::Clean Threat PersonalMoneyTree (ID:16340) Complete
8/21/2005 9:42:31 PM::Unititializing Clean
8/21/2005 9:42:31 PM::------------------------------------------------------------------
WinPFind:
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
UPX! 8/22/2004 5:04:56 PM 69120 C:\WINDOWS\daemon.dll
web-nex 8/6/2005 9:22:58 PM 4138 C:\WINDOWS\mrnaj.dll
Checking %System% folder...
UPX! 9/17/2001 4:29:22 PM 726016 C:\WINDOWS\SYSTEM32\beegd10.ocx
UPX! 7/19/2002 12:05:08 PM 269312 C:\WINDOWS\SYSTEM32\devil.dll
PEC2 9/24/2003 12:23:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
UPX! 7/19/2002 12:06:02 PM 27648 C:\WINDOWS\SYSTEM32\ilu.dll
UPX! 7/19/2002 12:06:42 PM 16384 C:\WINDOWS\SYSTEM32\ilut.dll
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 9:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 9/24/2003 12:02:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/3/2005 1:35:30 PM H 0 C:\WINDOWS\inf\oem80.inf
7/6/2005 8:10:22 PM H 0 C:\WINDOWS\inf\oem84.inf
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
6/30/2005 9:06:34 AM S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
6/30/2005 1:42:18 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
6/30/2005 2:21:10 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
6/30/2005 8:46:18 AM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
6/28/2005 7:12:56 PM S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
7/2/2005 4:18:16 AM S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
8/23/2005 11:24:50 AM H 8192 C:\WINDOWS\system32\config\default.LOG
8/23/2005 11:25:04 AM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/23/2005 11:25:00 AM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8/23/2005 11:29:24 AM H 159744 C:\WINDOWS\system32\config\software.LOG
8/23/2005 11:25:06 AM H 1298432 C:\WINDOWS\system32\config\system.LOG
8/12/2005 7:01:26 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
8/9/2005 2:49:20 PM S 574 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\904590238400AD963F77FAAAADC9BAB5
8/9/2005 2:49:20 PM S 136 C:\WINDOWS\system32\config\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\904590238400AD963F77FAAAADC9BAB5
8/12/2005 4:02:48 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\d31b6e0d-19bf-418c-a652-7c2cd320c595
8/12/2005 4:02:48 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
8/23/2005 11:22:38 AM H 6 C:\WINDOWS\Tasks\SA.DAT
8/18/2005 8:14:48 PM HS 113 C:\WINDOWS\Temp\History\History.IE5\desktop.ini
8/18/2005 8:14:48 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\desktop.ini
8/18/2005 8:25:50 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\0XMF89IJ\desktop.ini
8/18/2005 8:15:34 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\45QZ812N\desktop.ini
8/18/2005 8:25:50 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\CX2NKXIR\desktop.ini
8/18/2005 8:20:52 PM HS 67 C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\K12BSP6J\desktop.ini
Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 9/13/2003 6:24:20 AM 10435584 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 4/7/2003 11:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 10/28/2003 9:02:58 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 9/24/2003 10:40:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 9/24/2003 12:06:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 8/19/2003 6:56:00 AM 143360 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 9/24/2003 1:23:00 AM 36864 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 9/24/2003 8:25:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Texas Instruments Incorporated 2/27/2004 3:32:16 PM 32768 C:\WINDOWS\SYSTEM32\TIControlPanel.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 9/24/2003 10:40:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 9/24/2003 12:06:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 9/24/2003 1:23:00 AM 36864 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 9/24/2003 8:25:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Realtek Semiconductor Corp. 2/17/2004 6:49:14 AM 14193152 C:\WINDOWS\SYSTEM32\DRVSTORE\Alcxwdm_cfb7d3fc0ab7f7a3133a6c25509eaf3479108975\ALSNDMGR.CPL
Intel Corporation 4/7/2003 11:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0003\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
2/20/2005 6:40:36 PM 1926 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk.disabled
2/20/2004 3:45:02 AM 629 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk.disabled
10/28/2003 8:01:18 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Checking files in %ALLUSERSPROFILE%\Application Data folder...
10/27/2003 11:55:20 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
10/28/2003 9:45:30 AM 534 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
10/28/2003 8:01:18 AM HS 84 C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
10/27/2003 11:55:20 PM HS 62 C:\Documents and Settings\Administrator\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Program Files\LeechGet 2005\ShellExtension.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
=
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LDVPMenu
{BDA77241-42F6-11d0-85E2-00AA001FE28C} = C:\Program Files\Common Files\Symantec Shared\SSC\vpshell2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Program Files\LeechGet 2005\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\LeechGet
{EBDF1F20-C829-14D1-8234-1420AF3E97A9} = C:\Program Files\LeechGet 2005\ShellExtension.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
=
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
{07B18EA9-A523-4961-B6BB-170DE4475CCA} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = :
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Recguard C:\WINDOWS\SMINST\RECGUARD.EXE
hpsysdrv c:\windows\system\hpsysdrv.exe
HPHUPD05 c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
HPHmon05 C:\WINDOWS\System32\hphmon05.exe
KBD C:\HP\KBD\KBD.EXE
PS2 C:\WINDOWS\system32\ps2.exe
CTSysVol C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
vptray C:\PROGRA~1\SYMANT~1\VPTray.exe
CamMonitor c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
VTTimer VTTimer.exe
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
ThrustTSR C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
SchedulingAgent C:\WINDOWS\system32\mstask.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
AllowLegacyWebView 1
AllowUnhashedWebView 1
NoCDBurning 0
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/23/2005 11:31:58 AM
Hijack this
Logfile of HijackThis v1.99.1
Scan saved at 8:58:49 PM, on 8/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\hijackthis\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ThrustTSR] C:\Program Files\Thrustmaster\Thrustmapper\TMTMTSR.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\system32\mstask.exe
O4 - Global Startup: Adobe Gamma Loader.lnk.disabled
O4 - Global Startup: APC UPS Status.lnk.disabled
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Download using LeechGet - file://C:\Program Files\LeechGet 2005\\AddUrl.html
O8 - Extra context menu item: Download using LeechGet Wizard - file://C:\Program Files\LeechGet 2005\\Wizard.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Parse with LeechGet - file://C:\Program Files\LeechGet 2005\\Parser.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1120627405734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abac...abasetup144.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: APC UPS Service - American Power Conversion Corporation - C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
l2mfix
L2MFIX find log 1.03d
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif]
"DLLName"="wzcdlg.dll"
"Logon"="WZCEventLogon"
"Logoff"="WZCEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000000
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Access Control List for Registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify:
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(NI) ALLOW Full access NT AUTHORITY\SYSTEM
(IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-NI) ALLOW Read BUILTIN\Users
(ID-IO) ALLOW Read BUILTIN\Users
(ID-NI) ALLOW Read BUILTIN\Power Users
(ID-IO) ALLOW Read BUILTIN\Power Users
(ID-NI) ALLOW Full access BUILTIN\Administrators
(ID-IO) ALLOW Full access BUILTIN\Administrators
(ID-NI) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access NT AUTHORITY\SYSTEM
(ID-IO) ALLOW Full access CREATOR OWNER
**********************************************************************************
useragent:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"SV1"=""
**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e
Edited by the rssn, 24 August 2005 - 08:13 AM.