Here are the three logs - HJT, Trackgoo, and WinPFind
Logfile of HijackThis v1.99.1
Scan saved at 7:29:12 PM, on 8/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\TrojanHunter 4.2\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Notepad.exe
C:\HJT\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120182203328
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"AVG7_EMC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgemc.exe"
"THGuard"="\"C:\\Program Files\\TrojanHunter 4.2\\THGuard.exe\""
"SpySweeper"="\"C:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeper.exe\" /startintray"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Program Files\Grisoft\AVG Free\avgse.dll
Subkey --- gnkknsgn
{62bdb2c0-18ac-41ce-ac9b-18a2dea2f4b3}
C:\WINDOWS\system32\dnkkn.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9}
C:\PROGRA~1\TROJAN~1.2\contmenu.dll
Subkey --- Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\Program Files\Yahoo!\Common\ymmapi.dll
Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini
dkcc.exe
SpySubtract.lnk
==============================
C:\Documents and Settings\Owner\Start Menu\Programs\Startup
desktop.ini
dkcc.exe
SpySubtract.lnk
desktop.ini
==============================
C:\WINDOWS\system32 cpl files
access.cpl Microsoft Corporation
ALSNDMGR.CPL Realtek Semiconductor Corp.
appwiz.cpl Microsoft Corporation
bthprops.cpl Microsoft Corporation
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
igfxcpl.cpl Intel Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
QuickTime.cpl Apple Computer, Inc.
RTSndMgr.CPL Realtek Semiconductor Corp.
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
winsync 8/20/2005 6:07:30 PM 4523 C:\hijackthis 05 08 20 - 06 05 pm.log
qoologic 8/20/2005 8:10:40 PM 925 C:\log.txt
aspack 8/20/2005 8:10:40 PM 925 C:\log.txt
aspack 8/20/2005 8:08:42 PM 418 C:\win.txt
Checking %ProgramFilesDir% folder...
Checking %WinDir% folder...
Checking %System% folder...
69.59.186.63 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/2/2005 3:03:10 PM 29696 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 7:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
69.59.186.63 8/22/2005 6:09:16 PM 46080 C:\WINDOWS\SYSTEM32\djddjfd.dll
209.66.67.134 8/22/2005 6:09:16 PM 46080 C:\WINDOWS\SYSTEM32\djddjfd.dll
web-nex 8/22/2005 6:09:16 PM 46080 C:\WINDOWS\SYSTEM32\djddjfd.dll
winsync 8/22/2005 6:09:16 PM 46080 C:\WINDOWS\SYSTEM32\djddjfd.dll
69.59.186.63 8/22/2005 6:09:16 PM 10240 C:\WINDOWS\SYSTEM32\dnkkn.dll
209.66.67.134 8/22/2005 6:09:16 PM 10240 C:\WINDOWS\SYSTEM32\dnkkn.dll
web-nex 8/22/2005 6:09:16 PM 10240 C:\WINDOWS\SYSTEM32\dnkkn.dll
winsync 8/22/2005 6:09:16 PM 10240 C:\WINDOWS\SYSTEM32\dnkkn.dll
PTech 8/20/2004 3:56:24 PM 59914 C:\WINDOWS\SYSTEM32\igfxhcsy.lhp
PTech 8/3/2005 10:33:42 AM 520456 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 8:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:38 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:46 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 7:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PEC2 8/1/2005 8:21:22 PM 67072 C:\WINDOWS\SYSTEM32\WinStat13.dll
PECompact2 8/1/2005 8:21:22 PM 67072 C:\WINDOWS\SYSTEM32\WinStat13.dll
Checking %System%\Drivers folder and sub-folders...
UPX! 8/12/2005 8:27:50 AM 668704 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
FSG! 8/12/2005 8:27:50 AM 668704 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
aspack 8/12/2005 8:27:50 AM 668704 C:\WINDOWS\SYSTEM32\drivers\avg7core.sys
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
127.0.0.1 generic.vpptechnologies.com
127.0.0.1 images2.vpptechnologies.com
127.0.0.1 main.vpptechnologies.com
127.0.0.1 msxml.vpptechnologies.com
127.0.0.1 qoologic.com
127.0.0.1 adsrv.qoologic.com
127.0.0.1 updates.qoologic.com
127.0.0.1 www.qoologic.com
127.0.0.1 ad-w-a-r-e.com
127.0.0.1 www.ad-w-a-r-e.com
127.0.0.1 belt.abetterinternet.com
127.0.0.1 s.abetterinternet.com
127.0.0.1 thinstall.abetterinternet.com
qoologic 8/20/2005 9:53:34 PM 165207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.new
PTech 8/20/2005 9:53:34 PM 165207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.new
abetterinternet.com 8/20/2005 9:53:34 PM 165207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.new
ad-w-a-r-e.com 8/20/2005 9:53:34 PM 165207 C:\WINDOWS\SYSTEM32\drivers\etc\hosts.new
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
8/22/2005 6:35:12 PM S 2048 C:\WINDOWS\bootstat.dat
6/30/2005 8:43:54 PM H 0 C:\WINDOWS\inf\oem61.inf
6/30/2005 9:10:32 PM RHS 286777 C:\WINDOWS\PCHealth\HelpCtr\PackageStore\package_10.cab
7/8/2005 4:23:18 PM S 12143 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
6/30/2005 9:06:34 AM S 11437 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
7/19/2005 7:18:10 PM S 18913 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
6/30/2005 1:42:18 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
6/30/2005 2:21:10 PM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
6/30/2005 8:46:18 AM S 11084 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
6/28/2005 7:12:56 PM S 11845 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
7/2/2005 3:18:16 AM S 9445 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
8/22/2005 6:35:04 PM H 8192 C:\WINDOWS\system32\config\default.LOG
8/22/2005 6:35:22 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
8/22/2005 6:35:12 PM H 16384 C:\WINDOWS\system32\config\SECURITY.LOG
8/22/2005 6:35:44 PM H 81920 C:\WINDOWS\system32\config\software.LOG
8/22/2005 6:35:16 PM H 913408 C:\WINDOWS\system32\config\system.LOG
8/10/2005 6:54:10 PM H 1024 C:\WINDOWS\system32\config\userdiff.LOG
8/11/2005 3:21:36 PM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
8/22/2005 6:30:24 PM H 6 C:\WINDOWS\Tasks\SA.DAT
Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Realtek Semiconductor Corp. 4/6/2005 6:58:48 PM 294912 C:\WINDOWS\SYSTEM32\ALSNDMGR.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 8/20/2004 3:53:06 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 5/12/2004 2:26:58 AM 61555 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 12/14/2003 6:20:50 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Realtek Semiconductor Corp. 3/17/2005 11:43:34 AM 262144 C:\WINDOWS\SYSTEM32\RTSndMgr.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 187904 C:\WINDOWS\SYSTEM32\dllcache\main.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/29/2002 7:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl
Intel Corporation 4/20/2004 7:45:12 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0002\DriverFiles\igfxcpl.cpl
Intel Corporation 8/20/2004 3:53:06 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0012\DriverFiles\igfxcpl.cpl
Realtek Semiconductor Corp. 5/4/2004 2:05:08 PM 309760 C:\WINDOWS\SYSTEM32\ReinstallBackups\0019\DriverFiles\ALSNDMGR.CPL
Intel Corporation 4/20/2004 7:45:12 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0020\DriverFiles\igfxcpl.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
5/12/2004 1:25:40 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
8/22/2005 6:09:16 PM 91648 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dkcc.exe
8/20/2005 2:27:58 PM 798 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SpySubtract.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
5/11/2004 6:20:28 PM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
5/12/2004 4:47:04 AM 1221 C:\Documents and Settings\All Users\Application Data\hpzinstall.log
Checking files in %USERPROFILE%\Startup folder...
5/12/2004 1:25:40 AM HS 84 C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
Checking files in %USERPROFILE%\Application Data folder...
5/11/2004 6:20:28 PM HS 62 C:\Documents and Settings\Owner\Application Data\desktop.ini
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
acc=marketingsector =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{D7B550E3-6C2F-4A44-89A4-7E0DF8AFA021} = C:\WINDOWS\system32\nymarta.dll
{B82E4360-8D09-4059-BB1C-EBD6FA7CBA20} = C:\WINDOWS\system32\scssetup.dll
{370A3778-154C-4248-9750-27F7CDB7C027} =
{5D9E0E53-80CA-4541-85CA-0CC0D6D94107} = C:\WINDOWS\system32\okecnv32.dll
{55DCE8ED-52C1-45F4-B643-BB60162ADA00} = C:\WINDOWS\system32\khdit142.dll
{7EC8EC39-D42B-4732-B75D-2D9DD6C55C11} = C:\WINDOWS\system32\cgyptdlg.dll
{BEF8D5D1-AF21-4A88-A65F-0CB89CA3A507} = C:\WINDOWS\system32\ksdic.dll
{6CF4B522-CAF5-43CD-B51E-FBF341A951E2} = C:\WINDOWS\system32\rfvpsp.dll
{A77A1C52-B3E0-4F61-9A1D-332718B0627E} = C:\WINDOWS\system32\ivclass.dll
{EA1988B9-E0A2-425F-9931-334D42F4FBAD} = C:\WINDOWS\system32\hzvaut32.dll
{42DCBA55-4096-483E-BCB5-62747C0B436C} = C:\WINDOWS\system32\sdreamci.dll
{F1AF25CC-1B93-4806-A076-361FA9701F82} = C:\WINDOWS\system32\lycdll.dll
{47AE0A33-F176-4EAD-A1AC-613E64E8F92F} = C:\WINDOWS\system32\ocbccu32.dll
{05D9AC8A-DB46-4DD4-BF71-0BC9690E95E0} = C:\WINDOWS\system32\mqcans32.dll
{9AD8E0B8-AD23-4BB3-83AB-A865FF03C2D0} = C:\WINDOWS\system32\mxcbase.dll
{14FC9918-5133-48F9-A0B3-55D0D5DA989C} = C:\WINDOWS\system32\ubiplat.dll
{CEBC3E04-5F1C-457B-ADB1-A10AEF803076} = C:\WINDOWS\system32\cVbview.dll
{0B40F6D4-88C2-4E95-8AC4-2F93993FA524} = C:\WINDOWS\system32\stncui.dll
{10ED04FD-DC2E-44AB-ABE0-BB8B4E35FBDF} = C:\WINDOWS\system32\com.dll
{6245B736-D5FD-4CB9-B9D9-48BEE0260F6C} = C:\WINDOWS\system32\rXsctrs.dll
{1553DA6A-FAC3-4F80-8FBD-363CDDB01178} = C:\WINDOWS\system32\hkreg.dll
{DC8A0D29-8EBB-4865-B409-F5AB5D181A8F} = C:\WINDOWS\system32\nfh21.dll
{FE9EB2CF-A985-49B5-B9FC-1C97624A9070} = C:\WINDOWS\system32\sCmlib.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\gnkknsgn
{62bdb2c0-18ac-41ce-ac9b-18a2dea2f4b3} = C:\WINDOWS\system32\dnkkn.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} = C:\Program Files\Grisoft\AVG Free\avgse.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\SpySweeper
{7C9D5882-CB4A-4090-96C8-430BFE8B795B} = C:\PROGRA~1\Webroot\SPYSWE~1\SSCtxMnu.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{8F4902B6-6C04-4ade-8052-AA58578A21BD}
hp view = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\system32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
KBD C:\HP\KBD\KBD.EXE
AVG7_CC C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
AVG7_EMC C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
trdh C:\WINDOWS\system32\trdh.exe
rlxscpf C:\WINDOWS\system32\rlxscpf.exe
ysmzypg C:\WINDOWS\system32\ysmzypg.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ddecde C:\WINDOWS\system32\ddecde.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/22/2005 6:43:25 PM