Thanks! Here are the new scan results!
Logfile of HijackThis v1.99.1
Scan saved at 6:15:22 PM, on 9/30/2005
Platform: Windows 2000 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 (5.00.2920.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\regsvc.exe
C:\WINDOWS\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WBEM\WinMgmt.exe
C:\WINDOWS\System32\mspmspsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\YourMonitor.exe
C:\Program Files\Winamp\Winampa.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\Sys98.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Juno\exec.exe
C:\Program Files\Canon\MultiPASS\monitr32.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\WINDOWS\System32\Notepad.exe
C:\My Documents\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.sina.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sina.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by BellSouth
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [YourMonitor] C:\WINDOWS\YourMonitor
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [testit.exe] C:\WINDOWS\system32\testit.exe
O4 - HKLM\..\Run: [System service65] C:\WINDOWS\etb\pokapoka65.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [TagASaurus] C:\Program Files\TagASaurus\TagASaurus
O4 - HKCU\..\Run: [Sys98] C:\WINDOWS\Sys98.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Juno_uoltray] C:\Program Files\Juno\exec.exe regrun
O4 - Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Canon MultiPASS Status Monitor.lnk = C:\Program Files\Canon\MultiPASS\monitr32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
O8 - Extra context menu item: &Define - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Dell Home - {EE117DAA-A30B-40FC-945C-38AE1B80C1FA} - http://www.dellnet.com (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support.fasta...oad/tgctlcm.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by102fd.bay10...ex/HMAtchmt.ocx
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\ZGVmYXVsdAAA\command.exe (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: MPService - Unknown owner - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"YourMonitor"="C:\\WINDOWS\\YourMonitor"
"WinampAgent"="\"C:\\Program Files\\Winamp\\Winampa.exe\""
"testit.exe"="C:\\WINDOWS\\system32\\testit.exe"
"System service65"="C:\\WINDOWS\\etb\\pokapoka65.exe"
"Synchronization Manager"="mobsync.exe /logon"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0\\bin\\jusched.exe"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"RecoverFromReboot"="C:\\WINDOWS\\Temp\\RecoverFromReboot.exe"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NeroCheck"="C:\\WINDOWS\\System32\\NeroCheck.exe"
"gcasServ"="\"C:\\Program Files\\Microsoft AntiSpyware\\gcasServ.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"BJCFD"="C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe"
"TagASaurus"="C:\\Program Files\\TagASaurus\\TagASaurus"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"
-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers
Subkey --- BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll
Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
cscui.dll
Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\shell32.dll
Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\shell32.dll
Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll
Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
=====================
HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers
Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\shell32.dll
Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\shell32.dll
Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\shell32.dll
Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\System32\docprop2.dll
Subkey --- {7ab770c7-0e23-4d7a-8aa2-19bfad479829}
C:\WINDOWS\system32\SHELL32.DLL
Subkey --- {7f9609be-af9a-11d1-83e0-00c04fb6e984}
C:\WINDOWS\system32\faxshell.dll
Subkey --- {884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
C:\WINDOWS\System32\docprop2.dll
==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
Canon MultiPASS Status Monitor.lnk
Microsoft Office.lnk
Microsoft Works Calendar Reminders.lnk
==============================
C:\Documents and Settings\default\Start Menu\Programs\Startup
Adobe Gamma Loader.exe.lnk
Canon MultiPASS Status Monitor.lnk
Microsoft Office.lnk
Microsoft Works Calendar Reminders.lnk
Adobe Gamma Loader.exe.lnk
Microsoft Office.lnk
==============================
C:\WINDOWS\SYSTEM32 cpl files
access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
CAMCPL.CPL FotoNation inc.
csacpl.cpl Conexant Systems
desk.cpl Microsoft Corporation
fax.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
jpicpl32.cpl Sun Microsystems, Inc.
main.cpl Microsoft Corporation
mmsys.cpl Microsoft Corporation
ncpa.cpl Microsoft Corporation
nwc.cpl Microsoft Corporation
odbccp32.cpl Microsoft Corporation
powercfg.cpl Microsoft Corporation
prefscpl.cpl RealNetworks, Inc.
QuickTime.cpl Apple Computer, Inc.
S32LUCP1.CPL Symantec Corporation
sticpl.cpl Microsoft Corporation
sysdm.cpl Microsoft Corporation
telephon.cpl Microsoft Corporation
telephon.old.cpl Microsoft Corporation
THEMES.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.
If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.
»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows 2000 Current Build: Current Build Number: 2195
Internet Explorer Version: 5.00.2920.0000
»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»
Checking %SystemDrive% folder...
WinShutDown 9/24/2005 9:04:40 AM 10096 C:\log.txt
UPX! 5/19/2003 12:18:56 PM 343103505 C:\ms 2000.zip
PEC2 5/19/2003 12:18:56 PM 343103505 C:\ms 2000.zip
UPX! 11/22/2003 2:22:46 AM 26084439 C:\NAV10ESD.exe
PEC2 11/6/2001 11:51:44 AM 10236296 C:\rp500enu(acrobat 5).exe
aspack 6/13/2002 12:19:34 PM 276185 C:\sinaisp_dialup.exe
UPX! 6/10/2001 4:59:48 AM 342232792 C:\SQL2000.zip
UPX! 1/12/2005 9:53:08 PM 43285 C:\stbrws14.exe
qoologic 9/28/2005 10:26:04 PM 1484536 C:\winzip.log
Checking %ProgramFilesDir% folder...
UPX! 1/10/2005 3:06:10 PM 4918270 C:\Program Files\Firefox Setup 1.0.exe
Checking %WinDir% folder...
UPX! 8/26/2002 11:58:50 AM 84480 C:\WINDOWS\cptcnsysk.exe
UPX! 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
FSG! 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
PEC2 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
PECompact2 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
Umonitor 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
qoologic 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
aspack 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
PTech 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
urllogic 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
ad-beh 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
ad-behNior.com 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
sYVLLSAKY 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
_rtneg3 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
SAHAgent 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
buddy.exe 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
ZepMon 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
aurora.exe 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
;2x(V]@BMD 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
Tlji7Mk 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
KavSvc 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
69.59.186.63 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
209.66.67.134 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
66.63.167.97 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
66.63.167.77 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
abetterinternet.com 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
8B!7F\(T 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
testpopup 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
web-nex 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
yourkey 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
winsync 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
rec2_run 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
WinShutDown 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
ad-w-a-r-e.com 9/26/2005 11:30:18 PM 266719232 C:\WINDOWS\MEMORY.DMP
UPX! 11/16/2003 4:38:10 PM 965632 C:\WINDOWS\vsapi32.dll
aspack 11/16/2003 4:38:10 PM 965632 C:\WINDOWS\vsapi32.dll
Checking %System% folder...
PTech 8/29/2005 1:27:12 PM 520968 C:\WINDOWS\SYSTEM32\LegitCheckControl.DLL
PECompact2 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 9:36:32 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
Umonitor 12/7/1999 2:00:00 AM 526608 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 9/29/2004 9:30:04 AM 72704 C:\WINDOWS\SYSTEM32\thinInstOIT61MegaV2s.dlltmp
aspack 9/29/2004 9:30:04 AM 72704 C:\WINDOWS\SYSTEM32\thinInstOIT61MegaV2s.dlltmp
UPX! 4/4/2000 4:19:12 AM 91136 C:\WINDOWS\SYSTEM32\uxecre.exe
winsync 12/7/1999 2:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
Checking %System%\Drivers folder and sub-folders...
Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts
Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
9/28/2005 9:36:32 PM H 271 C:\WINDOWS\desktop.ini
9/28/2005 9:36:32 PM H 21692 C:\WINDOWS\FOLDER.HTT
9/29/2005 8:06:54 PM H 24 C:\WINDOWS\ptYvb
9/29/2005 6:53:42 PM H 54156 C:\WINDOWS\QTFont.qfn
9/22/2005 8:12:18 PM H 118784 C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat
9/22/2005 8:12:18 PM H 1024 C:\WINDOWS\Application Data\Microsoft\Windows\UsrClass.dat.LOG
9/29/2005 8:07:12 PM S 64 C:\WINDOWS\CSC\00000001
9/28/2005 10:21:02 PM S 64 C:\WINDOWS\CSC\00000002
9/26/2005 11:28:56 PM S 64 C:\WINDOWS\CSC\csc1.tmp
9/28/2005 9:36:32 PM H 65 C:\WINDOWS\Downloaded Program Files\desktop.ini
9/28/2005 9:36:52 PM HS 67 C:\WINDOWS\FONTS\desktop.ini
9/18/2005 10:19:02 PM H 10820 C:\WINDOWS\HELP\nocontnt.GID
9/22/2005 7:25:48 PM H 0 C:\WINDOWS\inf\oem11.inf
8/20/2005 11:14:08 PM H 0 C:\WINDOWS\inf\oem8.inf
9/5/2005 10:49:26 AM H 0 C:\WINDOWS\inf\oem9.inf
9/28/2005 9:36:32 PM H 65 C:\WINDOWS\Offline Web Pages\desktop.ini
9/28/2005 10:08:16 PM H 1495040 C:\WINDOWS\repair\ntuser.dat
9/28/2005 9:36:32 PM H 271 C:\WINDOWS\SYSTEM32\desktop.ini
9/28/2005 9:36:32 PM H 21692 C:\WINDOWS\SYSTEM32\folder.htt
9/29/2005 6:54:18 PM H 1024 C:\WINDOWS\SYSTEM32\config\DEFAULT.LOG
9/29/2005 10:12:24 PM H 1024 C:\WINDOWS\SYSTEM32\config\SAM.LOG
9/29/2005 10:10:26 PM H 1024 C:\WINDOWS\SYSTEM32\config\SECURITY.LOG
9/29/2005 10:14:26 PM H 1024 C:\WINDOWS\SYSTEM32\config\SOFTWARE.LOG
9/28/2005 11:25:22 AM H 1024 C:\WINDOWS\SYSTEM32\config\system.LOG
9/28/2005 11:25:20 AM H 1024 C:\WINDOWS\SYSTEM32\config\userdiff.LOG
9/28/2005 10:08:52 PM H 1024 C:\WINDOWS\SYSTEM32\config\userdifr.LOG
9/3/2005 9:52:52 AM HS 336 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\4f192a26-5945-48ec-9954-be553e73f93b
9/3/2005 9:52:52 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
9/29/2005 8:07:14 PM H 6 C:\WINDOWS\TASKS\SA.DAT
9/28/2005 9:36:34 PM H 842 C:\WINDOWS\WEB\BULLET.GIF
9/28/2005 9:36:32 PM H 90056 C:\WINDOWS\WEB\CLASSIC.BMP
9/28/2005 9:36:32 PM H 634 C:\WINDOWS\WEB\CLASSIC.HTT
9/28/2005 9:36:32 PM H 4659 C:\WINDOWS\WEB\CONTROLP.HTT
9/28/2005 9:36:32 PM H 5296 C:\WINDOWS\WEB\DEFAULT.HTT
9/28/2005 9:36:34 PM H 830 C:\WINDOWS\WEB\DESKMOVR.HTT
9/28/2005 9:36:32 PM H 8898 C:\WINDOWS\WEB\DIALUP.HTT
9/28/2005 9:36:34 PM H 2642 C:\WINDOWS\WEB\EXCLAM.GIF
9/28/2005 9:36:32 PM H 31080 C:\WINDOWS\WEB\FOLDER.BMP
9/28/2005 9:36:32 PM H 3210 C:\WINDOWS\WEB\FOLDER.HTT
9/28/2005 9:36:34 PM H 19355 C:\WINDOWS\WEB\FSRESULT.HTT
9/28/2005 9:36:34 PM H 10766 C:\WINDOWS\WEB\ftp.htt
9/28/2005 9:36:34 PM H 16981 C:\WINDOWS\WEB\imgview.htt
9/28/2005 9:36:34 PM H 56 C:\WINDOWS\WEB\MINCOLD.GIF
9/28/2005 9:36:34 PM H 77 C:\WINDOWS\WEB\MINHOT.GIF
9/28/2005 9:36:32 PM H 13280 C:\WINDOWS\WEB\nethood.htt
9/28/2005 9:36:34 PM H 59 C:\WINDOWS\WEB\PLUSCOLD.GIF
9/28/2005 9:36:34 PM H 80 C:\WINDOWS\WEB\PLUSHOT.GIF
9/28/2005 9:36:34 PM H 31080 C:\WINDOWS\WEB\PREVIEW.BMP
9/28/2005 9:36:32 PM H 13798 C:\WINDOWS\WEB\PRINTERS.HTT
9/28/2005 9:36:32 PM H 11149 C:\WINDOWS\WEB\RECYCLE.HTT
9/28/2005 9:36:34 PM H 2913 C:\WINDOWS\WEB\SAFEMODE.HTT
9/28/2005 9:36:32 PM H 6489 C:\WINDOWS\WEB\SCHEDULE.HTT
9/28/2005 9:36:34 PM H 28565 C:\WINDOWS\WEB\STANDARD.HTT
9/28/2005 9:36:32 PM H 31080 C:\WINDOWS\WEB\STARTER.BMP
9/28/2005 9:36:32 PM H 1024 C:\WINDOWS\WEB\STARTER.HTT
9/28/2005 9:36:32 PM H 1316 C:\WINDOWS\WEB\WEBVIEW.CSS
9/28/2005 9:36:34 PM H 31438 C:\WINDOWS\WEB\WEBVIEW.JS
9/28/2005 9:36:32 PM H 8248 C:\WINDOWS\WEB\WVLEFT.BMP
9/28/2005 9:36:32 PM H 54 C:\WINDOWS\WEB\WVLINE.GIF
9/28/2005 9:36:32 PM H 14865 C:\WINDOWS\WEB\WVLOGO.GIF
9/28/2005 9:36:34 PM H 12403 C:\WINDOWS\WEB\wvnet.gif
Checking for CPL files...
Microsoft Corporation 12/7/1999 10:00:00 AM 67344 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 296208 C:\WINDOWS\SYSTEM32\appwiz.cpl
FotoNation inc. 10/26/1998 8:26:20 PM 26624 C:\WINDOWS\SYSTEM32\CAMCPL.CPL
Conexant Systems 1/30/2002 11:52:54 PM 316928 C:\WINDOWS\SYSTEM32\csacpl.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 236816 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 31504 C:\WINDOWS\SYSTEM32\fax.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 128272 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 257296 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 118032 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 36112 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 60688 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 1/16/2005 1:14:52 PM 49262 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 122128 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 303888 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 17168 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 41232 C:\WINDOWS\SYSTEM32\nwc.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 41232 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 90896 C:\WINDOWS\SYSTEM32\powercfg.cpl
RealNetworks, Inc. 10/13/2002 5:08:26 PM 24576 C:\WINDOWS\SYSTEM32\prefscpl.cpl
Apple Computer, Inc. 12/14/2003 9:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Symantec Corporation 6/15/2000 1:43:14 AM 32768 C:\WINDOWS\SYSTEM32\S32LUCP1.CPL
Microsoft Corporation 12/7/1999 2:00:00 AM 83216 C:\WINDOWS\SYSTEM32\sticpl.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 125200 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 5904 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 12/7/1999 10:00:00 AM 5904 C:\WINDOWS\SYSTEM32\telephon.old.cpl
Microsoft Corporation 6/8/2000 7:00:00 AM 15360 C:\WINDOWS\SYSTEM32\THEMES.CPL
Microsoft Corporation 12/7/1999 2:00:00 AM 61200 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 41232 C:\WINDOWS\SYSTEM32\dllcache\nwc.cpl
Microsoft Corporation 12/7/1999 2:00:00 AM 41232 C:\WINDOWS\SYSTEM32\dllcache\odbccp32.cpl
»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»
Checking files in %ALLUSERSPROFILE%\Startup folder...
4/28/2002 12:54:46 PM 703 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
3/28/2003 8:11:08 AM 1454 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Canon MultiPASS Status Monitor.lnk
3/10/2003 7:27:58 AM 1572 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/10/2002 8:29:24 PM 849 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
Checking files in %ALLUSERSPROFILE%\Application Data folder...
Checking files in %USERPROFILE%\Startup folder...
4/28/2002 12:57:26 PM 703 C:\Documents and Settings\default\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
9/8/2005 9:28:58 PM 1672 C:\Documents and Settings\default\Start Menu\Programs\Startup\Microsoft Office.lnk
Checking files in %USERPROFILE%\Application Data folder...
4/4/2004 7:21:42 AM 0 C:\Documents and Settings\default\Application Data\dm.ini
UPX! 1/10/2005 3:48:12 PM 184680 C:\Documents and Settings\default\Application Data\shb.dat
9/13/2005 5:21:22 PM 30 C:\Documents and Settings\default\Application Data\tvmcwrd.dll
9/11/2005 10:04:04 PM 452888 C:\Documents and Settings\default\Application Data\tvmknwrd.dll
»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
{FEF10FA2-355E-4e06-9381-9B24D7F7CC88} = C:\WINDOWS\system32\SHELL32.DLL
{53C74826-AB99-4d33-ACA4-3117F51D3788} = C:\WINDOWS\system32\SHELL32.DLL
{E4FBEFFA-A1B6-4C75-A36F-000BCF78FC1E} = C:\WINDOWS\system32\DM210V204_32.dll
{0011F633-4D16-40F5-A36A-6691F55814CE} = C:\WINDOWS\system32\dCdim.dll
{FF56D1C7-3B05-4680-8D70-30FD720F1740} = C:\WINDOWS\system32\svorprop.dll
{B6B58A45-9983-4F43-B64E-57E022B17AA7} = C:\WINDOWS\system32\iqlogmsg.dll
{731FD87F-1E13-4134-9515-6C2B14366312} = C:\WINDOWS\system32\effpixaudio.dll
{A2EDF8BE-5A4F-4C30-B9F0-DF918777940E} = C:\WINDOWS\system32\DVomExt.dll
{B02207F6-84F3-4DD1-BAB8-24ED123A15D8} = C:\WINDOWS\system32\LLADPERF.DLL
{936C5084-D286-4B89-A1BC-CDFF77584325} = C:\WINDOWS\system32\xelehlp.dll
{59157EE0-B375-4C92-A984-29BD446E1625} = C:\WINDOWS\system32\exfpixpsets.dll
{83BC23E3-97DF-4F24-B99D-CAD32E039F44} = C:\WINDOWS\system32\LCADPERF.DLL
{30E82AB2-C3EB-433D-A062-08CC2A793703} = C:\WINDOWS\system32\ptrfdisk.dll
{02B4BEFB-63B6-4F19-B031-8E3AAD21D36C} = C:\WINDOWS\system32\eufpixaudio.dll
{B1C37748-D7AC-4A17-8F78-55F9AE388E18} = C:\WINDOWS\system32\sfndmail.dll
{E4EED7EB-1482-4CD6-8AAC-98A47C587BD8} = C:\WINDOWS\system32\MUC30.DLL
{4A49EB32-6A27-463E-A025-80867CE04438} = C:\WINDOWS\system32\wpw32.dll
{DEE8F949-9F4C-45FD-B95F-38EAEF720BB4} = C:\WINDOWS\system32\kgdes.dll
{3C82A44D-2E47-4F7C-9749-C23DA0EF473F} = C:\WINDOWS\system32\inlogmsg.dll
{448B7376-7BA3-4DAC-AAC3-E09B12F561F7} = C:\WINDOWS\system32\ihctl.dll
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NortonAntivirus
{067DF822-EAB6-11cf-B56E-00A0244D5087} =
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\shell32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= C:\WINDOWS\System32\docprop2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7ab770c7-0e23-4d7a-8aa2-19bfad479829}
= C:\WINDOWS\system32\SHELL32.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{7f9609be-af9a-11d1-83e0-00c04fb6e984}
= %SystemRoot%\system32\faxshell.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{884EA37B-37C0-11d2-BE3F-00A0C9A83DA1}
= C:\WINDOWS\System32\docprop2.dll
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}
Google Toolbar Helper = c:\program files\google\googletoolbar1.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINDOWS\System32\msdxm.ocx
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2FDEF853-0759-11D4-A92E-006097DBED37}
ButtonText = Encarta Encyclopedia :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5DA9DE80-097A-11D4-A92E-006097DBED37}
ButtonText = Define :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}
MenuText = Java :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a}
ButtonText = @shdoclc.dll,-866 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Microsoft SearchBand = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
Media Band = %SystemRoot%\system32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File and Folders Search ActiveX Control = C:\WINDOWS\system32\shell32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\browseui.dll
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINDOWS\System32\msdxm.ocx
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
{F5735C15-1FB2-41FE-BA12-242757E69DDE} = JunoBar : C:\Program Files\Juno\toolbar.dll
{8E718888-423F-11D2-876E-00A0C9082467} = @msdxmLC.dll,-1@1033,&Radio : C:\WINDOWS\System32\msdxm.ocx
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = &Google : c:\program files\google\googletoolbar1.dll
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = :
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\System32\browseui.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
YourMonitor C:\WINDOWS\YourMonitor
WinampAgent "C:\Program Files\Winamp\Winampa.exe"
testit.exe C:\WINDOWS\system32\testit.exe
System service65 C:\WINDOWS\etb\pokapoka65.exe
Synchronization Manager mobsync.exe /logon
SunJavaUpdateSched C:\Program Files\Java\jre1.5.0\bin\jusched.exe
SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
RecoverFromReboot C:\WINDOWS\Temp\RecoverFromReboot.exe
RealTray C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroCheck C:\WINDOWS\System32\NeroCheck.exe
gcasServ "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
BJCFD C:\Program Files\BroadJump\Client Foundation\CFD.exe
TagASaurus C:\Program Files\TagASaurus\TagASaurus
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Sys98 C:\WINDOWS\Sys98.exe
MoneyAgent "C:\Program Files\Microsoft Money\System\Money Express.exe"
Microsoft Works Update Detection C:\Program Files\Microsoft Works\WkDetect.exe
Juno_uoltray C:\Program Files\Juno\exec.exe regrun
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ah$vùõš/‚²95ß
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ah$vùõš/‚²95ß\ÏrbþC:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ah$vùõš/‚²‘ÆßfÏNb‰C:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ah$vùõš/‚²‘ÆßfÏNb‰C:\Program Files
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:\WINDOWS
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop\AdminComponent
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Network
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\WinOldApp
NoRealMode 1
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ActiveDesktop
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations
LowRiskFileTypes .zip;.rar;.cab;.txt;.exe;.reg;.msi;.htm;.html;.gif;.bmp;.jpg;.avi;.mov;.mp3;.wav
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 149
CDRAutoRun 0
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
ndndgeqbw.exe C:\WINDOWS\system\ndndgeqbw.exe
sgiche C:\WINDOWS\system32\sgiche.exe
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
DisableRegistryTools 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
Network.ConnectionTray {7007ACCF-3202-11D1-AAD2-00805FC1270E} = C:\WINDOWS\system32\NETSHELL.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = stobject.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wzcnotif
= wzcdlg.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs
»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 9/30/2005 10:18:44 AM