URGENT HELP [RESOLVED]


  • This topic is locked

#16
jaimen

  • Topic Starter
  • Banned
  • 84 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 4/30/2005 2:10:22 PM 95744 C:\adlinstallwin32.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
SAHAgent 5/11/2005 5:12:04 PM 49664 C:\WINDOWS\3vjhr1g9.exe
PEC2 9/11/2005 10:27:24 AM 1440054 C:\WINDOWS\Alicia Keys.bmp
SAHAgent 6/8/2005 10:16:02 AM 50176 C:\WINDOWS\coqm8krf.exe
SAHAgent 6/8/2005 10:16:02 AM 50176 C:\WINDOWS\nvr1liqm.exe
aspack 7/15/2005 6:34:48 PM 38400 C:\WINDOWS\shop1004.exe
UPX! 7/16/2005 9:22:10 AM 45312 C:\WINDOWS\tct101.dll
UPX! 7/15/2005 6:31:46 PM 65024 C:\WINDOWS\thin-114-1-x-x.exe
UPX! 9/14/2005 6:28:42 PM 226536 C:\WINDOWS\whCC-GIANT.exe

Checking %System% folder...
UPX! 4/11/2005 3:17:10 PM 60928 C:\WINDOWS\SYSTEM32\1800414.dll
UPX! 4/11/2005 3:17:10 PM 60928 C:\WINDOWS\SYSTEM32\180621.dll
SAHAgent 5/18/2005 3:42:40 PM 35 C:\WINDOWS\SYSTEM32\3vjhr1g9.ini
UPX! 5/1/2005 6:47:56 PM 95744 C:\WINDOWS\SYSTEM32\adlinstallwin32.exe
UPX! 5/4/2005 1:00:44 PM 98816 C:\WINDOWS\SYSTEM32\better0503.dll
UPX! 5/4/2005 1:00:44 PM 98816 C:\WINDOWS\SYSTEM32\better621.dll
UPX! 6/2/2005 12:45:14 PM 37888 C:\WINDOWS\SYSTEM32\blizstarluck.dll
UPX! 4/18/2005 9:11:20 AM 168960 C:\WINDOWS\SYSTEM32\blizzard.dll
UPX! 4/18/2005 9:11:20 AM 168960 C:\WINDOWS\SYSTEM32\blizzard621.dll
UPX! 6/21/2005 4:45:02 PM 35328 C:\WINDOWS\SYSTEM32\captain.dll
aspack 9/11/2005 9:37:18 AM 197120 C:\WINDOWS\SYSTEM32\CiaraSS6.scr
SAHAgent 9/1/2005 2:04:26 PM 35 C:\WINDOWS\SYSTEM32\coqm8krf.ini
SAHAgent 10/4/2005 8:42:18 PM 3379 C:\WINDOWS\SYSTEM32\dcbctuaa.ini
UPX! 4/6/2005 12:23:56 PM 51712 C:\WINDOWS\SYSTEM32\delfin0414.dll
UPX! 4/6/2005 12:23:56 PM 51712 C:\WINDOWS\SYSTEM32\delfin621.dll
PEC2 8/18/2001 10:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\dr350o9m.exe
SAHAgent 9/1/2005 2:04:26 PM 35 C:\WINDOWS\SYSTEM32\dr350o9m.ini
69.59.186.63 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
209.66.67.134 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
web-nex 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
winsync 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
UPX! 5/13/2005 1:36:00 PM 66560 C:\WINDOWS\SYSTEM32\golden513.dll
UPX! 5/13/2005 1:36:00 PM 66560 C:\WINDOWS\SYSTEM32\golden621.dll
UPX! 4/6/2005 12:23:58 PM 61440 C:\WINDOWS\SYSTEM32\goldnew2b0414.dll
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\gsdbd6g4.exe
SAHAgent 5/18/2005 3:42:40 PM 35 C:\WINDOWS\SYSTEM32\gsdbd6g4.ini
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\gvhbr57h.exe
SAHAgent 9/14/2005 6:29:52 PM 35 C:\WINDOWS\SYSTEM32\gvhbr57h.ini
SAHAgent 6/17/2005 3:21:42 PM 204288 C:\WINDOWS\SYSTEM32\h8s7vs91.exe
SAHAgent 9/10/2005 4:33:46 PM 3534 C:\WINDOWS\SYSTEM32\h8s7vs91.ini
FSG! 3/30/2005 9:43:14 PM 398742 C:\WINDOWS\SYSTEM32\Iidtvtk1.xml
69.59.186.63 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
209.66.67.134 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
web-nex 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
winsync 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
69.59.186.63 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
209.66.67.134 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
web-nex 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
winsync 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
UPX! 8/16/2005 8:04:42 AM 121433 C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe
UPX! 5/25/2005 6:45:14 PM 119229 C:\WINDOWS\SYSTEM32\mc-58-12-0000079.exe
UPX! 6/26/2005 6:00:18 AM 20992 C:\WINDOWS\SYSTEM32\msclock32.dll
UPX! 8/22/2001 8:00:00 PM 193024 C:\WINDOWS\SYSTEM32\mskceo.dll
UPX! 8/22/2001 8:00:00 PM 209920 C:\WINDOWS\SYSTEM32\mskhhe.dll
UPX! 6/12/2005 10:01:52 AM 20992 C:\WINDOWS\SYSTEM32\msplock32.dll
UPX! 8/15/2005 6:56:46 PM 25105 C:\WINDOWS\SYSTEM32\MTE2ODM6ODoxNg.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
SAHAgent 9/14/2005 6:29:52 PM 35 C:\WINDOWS\SYSTEM32\nvr1liqm.ini
SAHAgent 5/11/2005 8:11:20 AM 202240 C:\WINDOWS\SYSTEM32\p6js2sqb.exe
SAHAgent 6/26/2005 11:38:32 AM 3517 C:\WINDOWS\SYSTEM32\p6js2sqb.ini
UPX! 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
qoologic 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
ad-beh 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
ad-behNior.com 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
KavSvc 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
69.59.186.63 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
209.66.67.134 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
66.63.167.97 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
66.63.167.77 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
yourkey 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 6/21/2005 4:40:30 PM 36352 C:\WINDOWS\SYSTEM32\riverbelle.dll
abetterinternet.com 6/26/2005 11:34:36 AM 283774 C:\WINDOWS\SYSTEM32\saie.log
UPX! 3/30/2005 12:30:22 PM 125440 C:\WINDOWS\SYSTEM32\saie1108.exe
aspack 6/26/2005 10:11:48 AM 11292241 C:\WINDOWS\SYSTEM32\saie_kyf.dat
PTech 6/26/2005 10:11:48 AM 11292241 C:\WINDOWS\SYSTEM32\saie_kyf.dat
UPX! 4/11/2005 5:47:48 PM 22016 C:\WINDOWS\SYSTEM32\searchdll.dll
69.59.186.63 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
209.66.67.134 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
web-nex 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
winsync 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
UPX! 8/5/2005 10:04:38 PM 65024 C:\WINDOWS\SYSTEM32\thin-138-1-x-x.exe
UPX! 4/2/2005 9:36:08 AM 69120 C:\WINDOWS\SYSTEM32\tksrv99.exe
UPX! 4/2/2005 9:39:14 AM 143360 C:\WINDOWS\SYSTEM32\ucsi.exe
winsync 8/18/2001 10:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/5/2005 5:28:04 PM S 2048 C:\WINDOWS\bootstat.dat
10/2/2005 3:31:08 PM HS 219136 C:\WINDOWS\Thumbs.db
10/3/2005 7:38:20 AM H 0 C:\WINDOWS\inf\oem45.inf
10/2/2005 10:55:16 PM RHS 286777 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_10.cab
10/5/2005 5:30:14 PM H 1024 C:\WINDOWS\system32\config\default.LOG
10/5/2005 5:29:18 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/5/2005 5:29:48 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10/5/2005 6:13:20 PM H 1024 C:\WINDOWS\system32\config\software.LOG
10/5/2005 6:13:20 PM H 1024 C:\WINDOWS\system32\config\system.LOG
10/5/2005 5:29:28 PM HS 192 C:\WINDOWS\Tasks\RUTASK.job
10/5/2005 5:28:12 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 5/26/2003 7:12:14 AM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/6/2001 2:14:22 PM 24665 C:\WINDOWS\SYSTEM32\plugincpl131.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 1/6/2004 4:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 9/24/2005 10:42:38 PM 106544 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL
Compaq Computer Corporation 4/8/2002 9:00:28 PM 106496 C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/17/2001 12:56:56 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/17/2001 12:47:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/25/2005 1:57:42 PM 5704 C:\Documents and Settings\All Users\Application Data\ypinfo.bin

Checking files in %USERPROFILE%\Startup folder...
9/17/2001 12:56:56 AM HS 84 C:\Documents and Settings\Jay\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/17/2001 12:47:10 AM HS 62 C:\Documents and Settings\Jay\Application Data\desktop.ini
10/4/2005 9:20:02 AM 462647 C:\Documents and Settings\Jay\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
acc=marketingsector =
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fmtyqfyk
{70c43dea-a59b-4060-bca8-4b63dda808c0} = C:\WINDOWS\System32\fkrml.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
Starware = C:\Program Files\Starware\bin\Starware.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00}
Search = C:\WINDOWS\System32\stlb2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{825CF5BD-8862-4430-B771-0C15C5CA8DEF} = &EliteBar : C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{D49E9D35-254C-4C6A-9D17-95018D228FF5} = Starware : C:\Program Files\Starware\bin\Starware.dll
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\System32\WinNB57.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TkBellExe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
1 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\acsuninstall.exe"
2 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\AcsUninstallRes.dll"
3 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\shfolder.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Creative Detector "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
AIM C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^nrpa.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
backup C:\WINDOWS\pss\nrpa.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
item nrpa
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
backup C:\WINDOWS\pss\nrpa.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
item nrpa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\5eb0c15fe81c
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bitsprx3
hkey HKLM
command C:\WINDOWS\System32\bitsprx3.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bitsprx3
hkey HKLM
command C:\WINDOWS\System32\bitsprx3.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\98D0CE0C16B1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe D0CE0C16B1,D0CE0C16B1
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe D0CE0C16B1,D0CE0C16B1
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe E6F1873B.DLL,D9EBC318C
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe E6F1873B.DLL,D9EBC318C
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtxBrw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IEXPLOR
hkey HKLM
command C:\WINDOWS\IEXPLOR.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IEXPLOR
hkey HKLM
command C:\WINDOWS\IEXPLOR.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AUNPS2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32 AUNPS2
hkey HKLM
command RUNDLL32 AUNPS2.DLL,_Run@16
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32 AUNPS2
hkey HKLM
command RUNDLL32 AUNPS2.DLL,_Run@16
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoUpdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\AutoUpdate\AutoUpdate.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\AutoUpdate\AutoUpdate.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BJCFD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CFD
hkey HKLM
command C:\Program Files\BroadJump\Client Foundation\CFD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CFD
hkey HKLM
command C:\Program Files\BroadJump\Client Foundation\CFD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BMan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BMan1
hkey HKLM
command C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BMan1
hkey HKLM
command C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ù4g’ywæ^ÜœMÅC:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ù4g’ywæ^ÜœMÅC:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõh­‚²ÑÀßÇ[bx¹C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõh­‚²ÑÀßÇ[bx¹C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆßöÈ[C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆßöÈ[C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb¹C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb¹C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb‡C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb‡C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#\bˆ»C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#\ûÆ´C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõÚ)–²%)ßfÏNb½¾C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõÚ)–²%)ßfÏNb½¾C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ”¬‚²ÑÀßöÈ[b„¸C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ”¬‚²ÑÀßöÈ[b„¸C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ•¬‚²ÑÀßîÈ[b‡¸C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ•¬‚²ÑÀßîÈ[b‡¸C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BullsEye Network
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:\WINDOWS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CaAvTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CARPService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAS Client
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAVRID
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cepvenc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cepvenc
hkey HKLM
command C:\WINDOWS\cepvenc.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cepvenc
hkey HKLM
command C:\WINDOWS\cepvenc.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfgmgr52
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\checkrun
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitelgw32
hkey HKLM
command C:\windows\system32\elitelgw32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitelgw32
hkey HKLM
command C:\windows\system32\elitelgw32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cisrgmi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item riqgjq
hkey HKLM
command c:\windows\system32\riqgjq.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item riqgjq
hkey HKLM
command c:\windows\system32\riqgjq.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cjlgnf
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjlgnf
hkey HKLM
command c:\windows\system32\cjlgnf.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjlgnf
hkey HKLM
command c:\windows\system32\cjlgnf.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CookiePatrol
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CookiePatrol
hkey HKLM
command C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CookiePatrol
hkey HKLM
command C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPQEASYACC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StartEAK
hkey HKLM
command C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StartEAK
hkey HKLM
command C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc619edbd9a4
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bootvid1
hkey HKLM
command C:\WINDOWS\System32\bootvid1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bootvid1
hkey HKLM
command C:\WINDOWS\System32\bootvid1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\emqe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ncadapth
hkey HKLM
command C:\WINDOWS\ncadapth.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ncadapth
hkey HKLM
command C:\WINDOWS\ncadapth.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\farmmext
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINDOWS\farmmext.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINDOWS\farmmext.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fcdud
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fcdud
hkey HKLM
command C:\WINDOWS\fcdud.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fcdud
hkey HKLM
command C:\WINDOWS\fcdud.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fdrcaxo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ffwwos
hkey HKLM
command C:\Program Files\Jnfrl\Ffwwos.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ffwwos
hkey HKLM
command C:\Program Files\Jnfrl\Ffwwos.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlaCPY
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item flacpy
hkey HKLM
command "C:\Program Files\Common Files\Java\flacpy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item flacpy
hkey HKLM
command "C:\Program Files\Common Files\Java\flacpy.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FtkCPY
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ftkcpy
hkey HKLM
command "C:\Program Files\Common Files\Java\ftkcpy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ftkcpy
hkey HKLM
command "C:\Program Files\Common Files\Java\ftkcpy.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\G3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GSMedia3
hkey HKLM
command C:\WINDOWS\System32\GSMedia3.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GSMedia3
hkey HKLM
command C:\WINDOWS\System32\GSMedia3.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\h8s7vs91
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item h8s7vs91
hkey HKLM
command C:\WINDOWS\System32\h8s7vs91.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item h8s7vs91
hkey HKLM
command C:\WINDOWS\System32\h8s7vs91.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hah
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hah
hkey HKLM
command C:\WINDOWS\hah.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hah
hkey HKLM
command C:\WINDOWS\hah.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hneuni
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hneuni
hkey HKCU
command C:\WINDOWS\System32\hneuni.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hneuni
hkey HKCU
command C:\WINDOWS\System32\hneuni.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hozvpqwlc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hozvpqwlc
hkey HKLM
command c:\windows\system32\hozvpqwlc.exe -start
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hozvpqwlc
hkey HKLM
command c:\windows\system32\hozvpqwlc.exe -start
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
command C:\Program Files\ISTsvc\istsvc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
command C:\Program Files\ISTsvc\istsvc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KavSvc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rhnamr
hkey HKLM
command C:\WINDOWS\System32\rhnamr.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rhnamr
hkey HKLM
command C:\WINDOWS\System32\rhnamr.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
command C:\Program Files\Media Access\MediaAccK.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
command C:\Program Files\Media Access\MediaAccK.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Gateway
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Portfolio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mprpmo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mprpmo
hkey HKCU
command C:\WINDOWS\System32\mprpmo.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mprpmo
hkey HKCU
command C:\WINDOWS\System32\mprpmo.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ms044108851350
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ms044108851350
hkey HKLM
command C:\WINDOWS\ms044108851350.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ms044108851350
hkey HKLM
command C:\WINDOWS\ms044108851350.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msmc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mskkk
hkey HKLM
command C:\WINDOWS\System32\mskkk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mskkk
hkey HKLM
command C:\WINDOWS\System32\mskkk.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nsv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32
hkey HKLM
command RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32
hkey HKLM
command RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OSS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rlvknlg
hkey HKLM
command C:\windows\rlvknlg.exe -boot
inimappin
  • 0


#17
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Jaimen

Well it took me 2 hours to go through that log which I think may be incomplete, as it ended a little abruptly. If there is more, please post just the bit that I haven't seen; I don't want to trawl through all of it again.

This part of the fix deals with both file and folder deletion.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\adlinstallwin32.exe
C:\WINDOWS\3vjhr1g9.exe
C:\WINDOWS\coqm8krf.exe
C:\WINDOWS\nvr1liqm.exe
C:\WINDOWS\shop1004.exe
C:\WINDOWS\tct101.dll
C:\WINDOWS\thin-114-1-x-x.exe
C:\WINDOWS\whCC-GIANT.exe
C:\WINDOWS\SYSTEM32\1800414.dll
C:\WINDOWS\SYSTEM32\180621.dll
C:\WINDOWS\SYSTEM32\3vjhr1g9.ini
C:\WINDOWS\SYSTEM32\adlinstallwin32.exe
C:\WINDOWS\SYSTEM32\better0503.dll
C:\WINDOWS\SYSTEM32\better621.dll
C:\WINDOWS\SYSTEM32\blizstarluck.dll
C:\WINDOWS\SYSTEM32\blizzard.dll
C:\WINDOWS\SYSTEM32\blizzard621.dll
C:\WINDOWS\SYSTEM32\captain.dll
C:\WINDOWS\SYSTEM32\CiaraSS6.scr
C:\WINDOWS\SYSTEM32\coqm8krf.ini
C:\WINDOWS\SYSTEM32\dcbctuaa.ini
C:\WINDOWS\SYSTEM32\delfin0414.dll
C:\WINDOWS\SYSTEM32\delfin621.dll
C:\WINDOWS\SYSTEM32\dr350o9m.exe
C:\WINDOWS\SYSTEM32\dr350o9m.ini
C:\WINDOWS\SYSTEM32\fkrml.dll
C:\WINDOWS\SYSTEM32\golden513.dll
C:\WINDOWS\SYSTEM32\golden621.dll
C:\WINDOWS\SYSTEM32\goldnew2b0414.dll
C:\WINDOWS\SYSTEM32\gsdbd6g4.exe
C:\WINDOWS\SYSTEM32\gsdbd6g4.ini
C:\WINDOWS\SYSTEM32\gvhbr57h.exe
C:\WINDOWS\SYSTEM32\h8s7vs91.exe
C:\WINDOWS\SYSTEM32\h8s7vs91.ini
C:\WINDOWS\SYSTEM32\Iidtvtk1.xml
C:\WINDOWS\SYSTEM32\iltcoic.dll
C:\WINDOWS\SYSTEM32\jeoab.dll
C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe
C:\WINDOWS\SYSTEM32\mc-58-12-0000079.exe
C:\WINDOWS\SYSTEM32\msclock32.dll
C:\WINDOWS\SYSTEM32\mskceo.dll
C:\WINDOWS\SYSTEM32\mskhhe.dll
C:\WINDOWS\SYSTEM32\msplock32.dll
C:\WINDOWS\SYSTEM32\MTE2ODM6ODoxNg.exe
C:\WINDOWS\SYSTEM32\nvr1liqm.ini
C:\WINDOWS\SYSTEM32\p6js2sqb.exe
C:\WINDOWS\SYSTEM32\p6js2sqb.ini
C:\WINDOWS\SYSTEM32\Qool.exe
C:\WINDOWS\SYSTEM32\riverbelle.dll
C:\WINDOWS\SYSTEM32\saie.log
C:\WINDOWS\SYSTEM32\saie1108.exe
C:\WINDOWS\SYSTEM32\saie_kyf.dat
C:\WINDOWS\SYSTEM32\searchdll.dll
C:\WINDOWS\SYSTEM32\sfksgss.dll
C:\WINDOWS\SYSTEM32\thin-138-1-x-x.exe
C:\WINDOWS\SYSTEM32\tksrv99.exe
C:\WINDOWS\SYSTEM32\ucsi.exe
C:\Documents and Settings\Jay\Application Data\Sskknwrd.dll
C:\WINDOWS\System32\WinNB57.dll
C:\Program Files\Starware\bin\Starware.dll
C:\WINDOWS\System32\stlb2.dll
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
C:\WINDOWS\System32\bitsprx3.exe
C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINDOWS\cepvenc.EXE
C:\windows\system32\elitelgw32.exe
c:\windows\system32\riqgjq.exe
c:\windows\system32\cjlgnf.exe
C:\WINDOWS\System32\bootvid1.exe
C:\WINDOWS\ncadapth.exe
C:\WINDOWS\System32\exp.exe
C:\WINDOWS\farmmext.exe
C:\WINDOWS\fcdud.exe
C:\Program Files\Jnfrl\Ffwwos.exe
C:\Program Files\Common Files\Java\flacpy.exe
C:\Program Files\Common Files\Java\ftkcpy.exe
C:\WINDOWS\System32\GSMedia3.exe
C:\WINDOWS\System32\h8s7vs91.exe
C:\WINDOWS\hah.exe
C:\WINDOWS\System32\hneuni.exe
c:\windows\system32\hozvpqwlc.exe
C:\Program Files\Internet Optimizer\optimize.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\System32\rhnamr.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Gateway\MediaGateway.exe
C:\WINDOWS\System32\mprpmo.exe
C:\WINDOWS\ms044108851350.exe
C:\WINDOWS\System32\mskkk.exe
C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
C:\windows\rlvknlg.exe


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete these folders (if present) using Windows Explorer:

C:\WINDOWS\System32\nsvsvc\
C:\Program Files\Media Gateway\
C:\Program Files\Media Access\
C:\Program Files\ISTsvc\
C:\Program Files\Internet Optimizer\
C:\Program Files\Jnfrl\
C:\Program Files\Cas\
C:\Program Files\BullsEye Network\
C:\Program Files\Starware\

Reboot normally.

Try running Ewido now that all those bad files have been deleted.

How is it running now?
  • 0
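The log review behind the file list in post #17, as an added example that is not part of the thread and not any poster's own tooling: it parses the `startupreg` blocks of the posted log (startup items disabled through MSConfig), extracts the file each `command` would launch, and splits the entries into those already on the Killbox list and those still to be checked by hand. The function names are assumptions made for this example; the sample blocks and paths are copied from this page.

```python
import re

PREFIX = "HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Shared Tools\\MSConfig\\startupreg\\"
FIELDS = ("key", "item", "hkey", "command", "inimapping")
# A path ends at the first known extension followed by a space, comma or end of line.
EXT_RE = re.compile(r"^(.*?\.(?:exe|dll|scr|com|bat|cmd))(?=[\s,]|$)", re.I)

# Blocks copied from the log on this page. The posted log prints every field
# twice; the repeat is kept for the first block only to keep the sample short.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BullsEye Network
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CaAvTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfgmgr52
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cisrgmi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item riqgjq
hkey HKLM
command c:\windows\system32\riqgjq.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KavSvc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rhnamr
hkey HKLM
command C:\WINDOWS\System32\rhnamr.exe reg_run
inimapping 0
"""

# Three paths copied from the Killbox list in post #17.
REMOVAL_LIST = r"""
C:\Program Files\BullsEye Network\bin\bargains.exe
c:\windows\system32\riqgjq.exe
C:\WINDOWS\System32\rhnamr.exe
""".splitlines()


def parse_startupreg(text):
    """Return one dict per startupreg block, ignoring the repeated field lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(PREFIX):
            current = {"name": line[len(PREFIX):]}
            entries.append(current)
        elif current is not None and line:
            field, _, value = line.partition(" ")
            if field in FIELDS:
                current.setdefault(field, value.strip())  # first copy wins
    # Headers such as "startupreg\C:" carry no fields and are dropped.
    return [e for e in entries if "command" in e]


def target_path(command):
    """Extract the file a Run command launches, without its arguments."""
    cmd = command.strip()
    if cmd.startswith('"'):                      # quoted path, arguments follow
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    m = EXT_RE.match(cmd)                        # unquoted, may contain spaces
    if not m:
        return cmd.split()[0] if cmd else ""     # no extension, e.g. "...\exp"
    path = m.group(1)
    if path.rsplit("\\", 1)[-1].lower() == "rundll32.exe":
        # The file of interest is the DLL handed to rundll32, up to the comma.
        dll = cmd[m.end():].strip().split(",", 1)[0].strip().strip('"')
        return dll or path
    return path


def triage(log_text, removal_list):
    """Split entries into (already on the removal list, still to review)."""
    listed = {p.strip().lower() for p in removal_list if p.strip()}
    on_list, to_review = [], []
    for entry in parse_startupreg(log_text):
        path = target_path(entry["command"])
        bucket = on_list if path.lower() in listed else to_review
        bucket.append((entry["name"], path))
    return on_list, to_review


if __name__ == "__main__":
    on_list, to_review = triage(SAMPLE_LOG, REMOVAL_LIST)
    for label, rows in (("on removal list", on_list), ("to review", to_review)):
        for name, path in rows:
            print(f"{label:16} {name:18} {path}")
```

Paths are compared case-insensitively because the log mixes `C:\WINDOWS` and `c:\windows`. An entry landing in the review bucket only means its file is not on the list, not that it is good or bad.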

#18
jaimen

    banned

  • Topic Starter
  • Banned
  • PipPip
  • 84 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:49:27 PM, 10/6/2005
+ Report-Checksum: 95869B8C

+ Scan result:

HKLM\SOFTWARE\ADPower -> Spyware.AdPowerZone : Ignored
HKLM\SOFTWARE\ADPower\AtxBrw -> Spyware.AdPowerZone : Ignored
HKLM\SOFTWARE\AutoLoader\s0u71WJLIMPK -> Spyware.AproposMedia : Ignored
HKLM\SOFTWARE\AutoLoader\s0uH1WJLIMPK -> Spyware.AproposMedia : Ignored
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\anything -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\anything\cf1 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\RO -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\RO\cf1 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\RO\Upgrade -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\TContext -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\TContext\cf1 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\TContext\cf2 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\TContext\cf3 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf1 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf2 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf3 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf4 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\WSE\cf5 -> Spyware.InternetOptimizer : Ignored
HKLM\SOFTWARE\Classes\AdmilliServX.Installer\CLSID\\ -> Spyware.WinFavorites : Ignored
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\AppID\BookedSpace.DLL\\AppID -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\AppID\{026E4B83-1BF7-41CB-8233-4AF35341BC69} -> Spyware.ClientMan : Ignored
HKLM\SOFTWARE\Classes\AppID\{0DC5CD7C-F653-4417-AA43-D457BE3A9622} -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CLSID\\ -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension\CurVer -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5 -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\BookedSpace.Extension.5\CLSID\\ -> Spyware.BookedSpace : Ignored
HKLM\SOFTWARE\Classes\CLSID\{00000000-DD60-0064-6EC2-6E0100000000} -> Spyware.MediaMotor : Ignored
HKLM\SOFTWARE\Classes\CLSID\{00000000-DD60-0064-6EC2-6E0100000000}\TypeLib\\ -> Spyware.VX2 : Ignored
HKLM\SOFTWARE\Classes\CLSID\{00A0A40C-F432-4C59-BA11-B25D142C7AB7} -> Spyware.ClientMan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Ignored
HKLM\SOFTWARE\Classes\CLSID\{017C20C1-F86F-11D8-9B25-000ACD002AE3} -> Spyware.EnhanceMySearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0A543-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{07F0A545-47BA-11D4-8A6D-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0962DA67-DB64-465C-8CD7-CBB357CAF825} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0962DA67-DB64-465C-8CD7-CBB357CAF825}\TypeLib\\ -> Spyware.DesktopTraffic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{0982868C-47F0-4EFB-A664-C7B0B1015808} -> Spyware.ClientMan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6}\TypeLib\\ -> Spyware.TX4 : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12345678-0000-0010-8000-00AAFF6D2EA4} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76A-000000004D00}\TypeLib\\ -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00}\TypeLib\\ -> Spyware.BrowserAid : Ignored
HKLM\SOFTWARE\Classes\CLSID\{145E6FB1-1256-44ed-A336-8BBA43373BE6} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2079884B-6EF3-11D4-8A74-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{22B720C7-5FA6-40A8-9F8F-8584BF669690} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{22B720C7-5FA6-40A8-9F8F-8584BF669690}\TypeLib\\ -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2342DB04-08CE-4CF6-976D-BD9EFA960EFB} -> Spyware.FizzleBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2342DB04-08CE-4CF6-976D-BD9EFA960EFB}\TypeLib\\ -> Spyware.FizzleBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{28CAEFF3-0F18-4036-B504-51D73BD81ABC} -> Spyware.SearchMiracle : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\\AppID -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{2BABD334-5C3F-11D4-B184-0050DAB79376}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{356B2BD0-D206-4E21-8C85-C6F49409C6A9} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{356B2BD0-D206-4E21-8C85-C6F49409C6A9}\TypeLib\\ -> Spyware.DesktopTraffic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{357A87ED-3E5D-437d-B334-DEB7EB4982A3} -> Trojan.Agent.eo : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE} -> Spyware.TopText : Ignored
HKLM\SOFTWARE\Classes\CLSID\{3D7247E8-5DB8-11D4-8A72-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC} -> Spyware.AdDestroyer : Ignored
HKLM\SOFTWARE\Classes\CLSID\{417386C3-8D4A-4611-9B91-E57E89D603AC}\TypeLib\\ -> Spyware.AdDestroyer : Ignored
HKLM\SOFTWARE\Classes\CLSID\{44BE0690-5429-47F0-85BB-3FFD8020233E} -> Spyware.UCmore : Ignored
HKLM\SOFTWARE\Classes\CLSID\{486145B0-37D1-428B-B3E1-26D26F690C79} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{486145B0-37D1-428B-B3E1-26D26F690C79}\TypeLib\\ -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4E7BD74F-2B8D-469E-A1F6-FC7EB590A97D} -> Spyware.Hijacker.Generic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{4F7681E5-6CAF-478D-9CB8-4CA593BEE7FB}\TypeLib\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{52ADD86D-9561-4C40-B561-4204DBC139D1} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{52ADD86D-9561-4C40-B561-4204DBC139D1}\TypeLib\\ -> Spyware.DesktopTraffic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{55910916-8B4E-4C1E-9253-CCE296EA71EB} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{58359010-BF36-11d3-99A2-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{5F1ABCDB-A875-46c1-8345-B72A4567E486} -> Spyware.ISTBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{62631E26-B5A1-4AC4-A3AE-1CB72C6819C5} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{62631E26-B5A1-4AC4-A3AE-1CB72C6819C5}\TypeLib\\ -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Ignored
HKLM\SOFTWARE\Classes\CLSID\{825CF5BD-8862-4430-B771-0C15C5CA8DEF} -> Spyware.EliteBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{82F55658-CA6D-4754-B313-5DCAAFA0BB42} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{82F55658-CA6D-4754-B313-5DCAAFA0BB42}\TypeLib\\ -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8A0DCBDA-6E20-489C-9041-C1E8A0352E75} -> Spyware.NetNucleus : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8DA5457F-A8AA-4CCF-A842-70E6FD274094} -> Spyware.HuntBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4} -> Spyware.MoneyTree : Ignored
HKLM\SOFTWARE\Classes\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib\\ -> Spyware.SafeSurfing : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC} -> Spyware.FizzleWizzle : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9056A11F-5EA6-4A67-BDE9-8D3C7C453DAC}\TypeLib\\ -> Spyware.FizzleBar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{94927A13-4AAA-476A-989D-392456427688} -> Spyware.ClientMan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{94927A13-4AAA-476A-989D-392456427688}\TypeLib\\ -> Spyware.ClientMan : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0} -> Spyware.Hijacker.Generic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9896231A-C487-43A5-8369-6EC9B0A96CC0}\TypeLib\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{999A06FF-10EF-4A29-8640-69E99882C26B} -> Spyware.Begin2Search : Ignored
HKLM\SOFTWARE\Classes\CLSID\{999A06FF-10EF-4A29-8640-69E99882C26B}\TypeLib\\ -> Spyware.DesktopTraffic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A8BD9566-9895-4FA3-918D-A51D4CD15865} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A8DEB4A5-D9EF-4D21-B4F6-921475004E7D} -> Spyware.IBIS : Ignored
HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B599C57E-113A-4488-A5E9-BC552C4F1152} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Ignored
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE} -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C4FEE4A7-4B8B-11D4-8A6D-0050DA2EE1BE}\TypeLib\\ -> Spyware.eZula : Ignored
HKLM\SOFTWARE\Classes\CLSID\{C7EDAB2E-D7F9-11D8-BA48-C79B0C409D70} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297} -> Spyware.SafeSurfing : Ignored
HKLM\SOFTWARE\Classes\CLSID\{CEA206E8-8057-4A04-ACE9-FF0D69A92297}\TypeLib\\ -> Spyware.SafeSurfing : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839} -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D0070620-1E72-42E7-A14C-3A255AD31839}\TypeLib\\ -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\Classes\CLSID\{D290D6E7-BF9D-42F0-9C1B-3BC8AE769B57} -> Spyware.eZula : Ignored
HKU\S-1-5-21-2387590086-284587905-4097411637-1008\Software\WinTools -> Spyware.WebSearch : Ignored
HKU\S-1-5-21-2387590086-284587905-4097411637-1008\Software\WinTools\URLSearchHooks -> Spyware.WebSearch : Ignored
HKU\S-1-5-21-2387590086-284587905-4097411637-1008\Software\{12EE7A5E-0674-42f9-A76B-000000004D00} -> Spyware.BrowserAid : Ignored
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.Mirar : Ignored
HKU\S-1-5-18\Software\WinTools -> Spyware.WebSearch : Ignored
C:\Documents and Settings\Jay\Cookies\jay@2o7[1].txt -> Spyware.Cookie.2o7 : Ignored
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Ignored
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Pointr

#19
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
...

Edited by jaimen, 06 October 2005 - 08:32 PM.


#20
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello Jaimen

Looking at the Ewido log, it would appear that you chose to ignore the first bad entry that Ewido found and also told Ewido to perform this action for every item found, hence it ignored everything.

Please rescan with Ewido and choose REMOVE when it alerts you the first time, and frankly, looking at that log and in the knowledge that you had an awful lot of bad files, you could choose perform action with all infections.

Install Ewido Security Suite.
  • Install Ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update Ewido.
Ewido manual updates

Do NOT run a scan yet.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

For additional help in booting into Safe Mode, see the following site:

Safe Mode

Launch Ewido, there should be an icon on your desktop, double-click it.
  • The programme will now open to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
Now that the updates have been installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with Ewido it is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If Ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop and include it in your reply.
Now close Ewido security suite.

#21
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:48:40 PM, 10/7/2005
+ Report-Checksum: C9463933

+ Scan result:

C:\Documents and Settings\Jay\Cookies\jay@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\jay@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Jay\Cookies\[email protected][2].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\RADIOSHACK6343\gogotools.exe/SilentInstallW32.exe -> Spyware.GogoTools : Error during cleaning
C:\Program Files\Common Files\system32.dll/gui.exe -> TrojanDownloader.Agent.rv : Error during cleaning
C:\WINDOWS\system32\Cache\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\WINDOWS\system32\Cache\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL -> Spyware.UCmore : Error during cleaning
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL -> Spyware.UCmore : Error during cleaning


::Report End

#22
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Jaimen

I am truly amazed, but it looks like we are going to clean this PC. Let's get this next bit done.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and settings\RADIOSHACK6343\gogotools.exe/SilentInstallW32.exe
C:\Program Files\Common Files\system32.dll/gui.exe
C:\WINDOWS\system32\Cache\ucmoreiex.exe/UCMTSAIE.DLL
C:\WINDOWS\system32\Cache\ucmoreiex.exe/IUCMORE.DLL
C:\WINDOWS\ucmoreiex.exe/UCMTSAIE.DLL
C:\WINDOWS\ucmoreiex.exe/IUCMORE.DLL


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

A fresh HJT log please. Also, can I take you back two posts and ask you what happened to the last part of the WinPfind log? If you don't have it, please rescan with WinPfind and post the log.

#23
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
Logfile of HijackThis v1.99.1
Scan saved at 7:42:56 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\HJT\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.c...J9QTfcJWqZr2ytd
R3 - Default URLSearchHook is missing
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104451058202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128303306358
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#24
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...
UPX! 4/30/2005 2:10:22 PM 95744 C:\adlinstallwin32.exe

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
SAHAgent 5/11/2005 5:12:04 PM 49664 C:\WINDOWS\3vjhr1g9.exe
PEC2 9/11/2005 10:27:24 AM 1440054 C:\WINDOWS\Alicia Keys.bmp
SAHAgent 6/8/2005 10:16:02 AM 50176 C:\WINDOWS\coqm8krf.exe
SAHAgent 6/8/2005 10:16:02 AM 50176 C:\WINDOWS\nvr1liqm.exe
aspack 7/15/2005 6:34:48 PM 38400 C:\WINDOWS\shop1004.exe
UPX! 7/16/2005 9:22:10 AM 45312 C:\WINDOWS\tct101.dll
UPX! 7/15/2005 6:31:46 PM 65024 C:\WINDOWS\thin-114-1-x-x.exe
UPX! 9/14/2005 6:28:42 PM 226536 C:\WINDOWS\whCC-GIANT.exe

Checking %System% folder...
UPX! 4/11/2005 3:17:10 PM 60928 C:\WINDOWS\SYSTEM32\1800414.dll
UPX! 4/11/2005 3:17:10 PM 60928 C:\WINDOWS\SYSTEM32\180621.dll
SAHAgent 5/18/2005 3:42:40 PM 35 C:\WINDOWS\SYSTEM32\3vjhr1g9.ini
UPX! 5/1/2005 6:47:56 PM 95744 C:\WINDOWS\SYSTEM32\adlinstallwin32.exe
UPX! 5/4/2005 1:00:44 PM 98816 C:\WINDOWS\SYSTEM32\better0503.dll
UPX! 5/4/2005 1:00:44 PM 98816 C:\WINDOWS\SYSTEM32\better621.dll
UPX! 6/2/2005 12:45:14 PM 37888 C:\WINDOWS\SYSTEM32\blizstarluck.dll
UPX! 4/18/2005 9:11:20 AM 168960 C:\WINDOWS\SYSTEM32\blizzard.dll
UPX! 4/18/2005 9:11:20 AM 168960 C:\WINDOWS\SYSTEM32\blizzard621.dll
UPX! 6/21/2005 4:45:02 PM 35328 C:\WINDOWS\SYSTEM32\captain.dll
aspack 9/11/2005 9:37:18 AM 197120 C:\WINDOWS\SYSTEM32\CiaraSS6.scr
SAHAgent 9/1/2005 2:04:26 PM 35 C:\WINDOWS\SYSTEM32\coqm8krf.ini
SAHAgent 10/4/2005 8:42:18 PM 3379 C:\WINDOWS\SYSTEM32\dcbctuaa.ini
UPX! 4/6/2005 12:23:56 PM 51712 C:\WINDOWS\SYSTEM32\delfin0414.dll
UPX! 4/6/2005 12:23:56 PM 51712 C:\WINDOWS\SYSTEM32\delfin621.dll
PEC2 8/18/2001 10:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\dr350o9m.exe
SAHAgent 9/1/2005 2:04:26 PM 35 C:\WINDOWS\SYSTEM32\dr350o9m.ini
69.59.186.63 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
209.66.67.134 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
web-nex 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
winsync 10/4/2005 8:41:00 PM 133120 C:\WINDOWS\SYSTEM32\fkrml.dll
UPX! 5/13/2005 1:36:00 PM 66560 C:\WINDOWS\SYSTEM32\golden513.dll
UPX! 5/13/2005 1:36:00 PM 66560 C:\WINDOWS\SYSTEM32\golden621.dll
UPX! 4/6/2005 12:23:58 PM 61440 C:\WINDOWS\SYSTEM32\goldnew2b0414.dll
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\gsdbd6g4.exe
SAHAgent 5/18/2005 3:42:40 PM 35 C:\WINDOWS\SYSTEM32\gsdbd6g4.ini
SAHAgent 5/11/2005 3:33:50 PM 30720 C:\WINDOWS\SYSTEM32\gvhbr57h.exe
SAHAgent 9/14/2005 6:29:52 PM 35 C:\WINDOWS\SYSTEM32\gvhbr57h.ini
SAHAgent 6/17/2005 3:21:42 PM 204288 C:\WINDOWS\SYSTEM32\h8s7vs91.exe
SAHAgent 9/10/2005 4:33:46 PM 3534 C:\WINDOWS\SYSTEM32\h8s7vs91.ini
FSG! 3/30/2005 9:43:14 PM 398742 C:\WINDOWS\SYSTEM32\Iidtvtk1.xml
69.59.186.63 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
209.66.67.134 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
web-nex 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
winsync 10/4/2005 8:40:58 PM 181760 C:\WINDOWS\SYSTEM32\iltcoic.dll
69.59.186.63 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
209.66.67.134 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
web-nex 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
winsync 9/6/2005 5:13:10 PM 10240 C:\WINDOWS\SYSTEM32\jeoab.dll
UPX! 8/16/2005 8:04:42 AM 121433 C:\WINDOWS\SYSTEM32\mc-110-12-0000079.exe
UPX! 5/25/2005 6:45:14 PM 119229 C:\WINDOWS\SYSTEM32\mc-58-12-0000079.exe
UPX! 6/26/2005 6:00:18 AM 20992 C:\WINDOWS\SYSTEM32\msclock32.dll
UPX! 8/22/2001 8:00:00 PM 193024 C:\WINDOWS\SYSTEM32\mskceo.dll
UPX! 8/22/2001 8:00:00 PM 209920 C:\WINDOWS\SYSTEM32\mskhhe.dll
UPX! 6/12/2005 10:01:52 AM 20992 C:\WINDOWS\SYSTEM32\msplock32.dll
UPX! 8/15/2005 6:56:46 PM 25105 C:\WINDOWS\SYSTEM32\MTE2ODM6ODoxNg.exe
aspack 8/4/2004 3:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
SAHAgent 9/14/2005 6:29:52 PM 35 C:\WINDOWS\SYSTEM32\nvr1liqm.ini
SAHAgent 5/11/2005 8:11:20 AM 202240 C:\WINDOWS\SYSTEM32\p6js2sqb.exe
SAHAgent 6/26/2005 11:38:32 AM 3517 C:\WINDOWS\SYSTEM32\p6js2sqb.ini
UPX! 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
qoologic 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
ad-beh 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
ad-behNior.com 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
KavSvc 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
69.59.186.63 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
209.66.67.134 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
66.63.167.97 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
66.63.167.77 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
yourkey 5/24/2005 3:54:52 PM 73728 C:\WINDOWS\SYSTEM32\Qool.exe
Umonitor 8/4/2004 3:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 6/21/2005 4:40:30 PM 36352 C:\WINDOWS\SYSTEM32\riverbelle.dll
abetterinternet.com 6/26/2005 11:34:36 AM 283774 C:\WINDOWS\SYSTEM32\saie.log
UPX! 3/30/2005 12:30:22 PM 125440 C:\WINDOWS\SYSTEM32\saie1108.exe
aspack 6/26/2005 10:11:48 AM 11292241 C:\WINDOWS\SYSTEM32\saie_kyf.dat
PTech 6/26/2005 10:11:48 AM 11292241 C:\WINDOWS\SYSTEM32\saie_kyf.dat
UPX! 4/11/2005 5:47:48 PM 22016 C:\WINDOWS\SYSTEM32\searchdll.dll
69.59.186.63 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
209.66.67.134 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
web-nex 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
winsync 9/6/2005 5:13:10 PM 46080 C:\WINDOWS\SYSTEM32\sfksgss.dll
UPX! 8/5/2005 10:04:38 PM 65024 C:\WINDOWS\SYSTEM32\thin-138-1-x-x.exe
UPX! 4/2/2005 9:36:08 AM 69120 C:\WINDOWS\SYSTEM32\tksrv99.exe
UPX! 4/2/2005 9:39:14 AM 143360 C:\WINDOWS\SYSTEM32\ucsi.exe
winsync 8/18/2001 10:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu

Checking %System%\Drivers folder and sub-folders...
PTech 8/4/2004 1:41:38 AM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/5/2005 5:28:04 PM S 2048 C:\WINDOWS\bootstat.dat
10/2/2005 3:31:08 PM HS 219136 C:\WINDOWS\Thumbs.db
10/3/2005 7:38:20 AM H 0 C:\WINDOWS\inf\oem45.inf
10/2/2005 10:55:16 PM RHS 286777 C:\WINDOWS\PCHEALTH\HELPCTR\PackageStore\package_10.cab
10/5/2005 5:30:14 PM H 1024 C:\WINDOWS\system32\config\default.LOG
10/5/2005 5:29:18 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
10/5/2005 5:29:48 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
10/5/2005 6:13:20 PM H 1024 C:\WINDOWS\system32\config\software.LOG
10/5/2005 6:13:20 PM H 1024 C:\WINDOWS\system32\config\system.LOG
10/5/2005 5:29:28 PM HS 192 C:\WINDOWS\Tasks\RUTASK.job
10/5/2005 5:28:12 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Ahead Software AG 5/26/2003 7:12:14 AM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/6/2001 2:14:22 PM 24665 C:\WINDOWS\SYSTEM32\plugincpl131.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 1/6/2004 4:02:36 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 9/24/2005 10:42:38 PM 106544 C:\WINDOWS\SYSTEM32\TWEAKUI.CPL
Compaq Computer Corporation 4/8/2002 9:00:28 PM 106496 C:\WINDOWS\SYSTEM32\UICONFIG.cpl
Microsoft Corporation 8/4/2004 3:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 35840 C:\WINDOWS\SYSTEM32\dllcache\ncpa.cpl
Microsoft Corporation 8/18/2001 10:00:00 AM 28160 C:\WINDOWS\SYSTEM32\dllcache\telephon.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/17/2001 12:56:56 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/17/2001 12:47:10 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini
8/25/2005 1:57:42 PM 5704 C:\Documents and Settings\All Users\Application Data\ypinfo.bin

Checking files in %USERPROFILE%\Startup folder...
9/17/2001 12:56:56 AM HS 84 C:\Documents and Settings\Jay\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
9/17/2001 12:47:10 AM HS 62 C:\Documents and Settings\Jay\Application Data\desktop.ini
10/4/2005 9:20:02 AM 462647 C:\Documents and Settings\Jay\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
acc=marketingsector =
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fmtyqfyk
{70c43dea-a59b-4060-bca8-4b63dda808c0} = C:\WINDOWS\System32\fkrml.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\Program Files\Yahoo!\Common\ymmapi.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\BriefcaseMenu
{85BBD920-42A0-1069-A2E4-08002B30309D} = syncui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\CA_AntiVirus
{1CE2AA40-1317-11D3-9922-00104B0AD431} = C:\WINDOWS\avshlext.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}
= C:\WINDOWS\system32\wuauclt.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA356D79-679B-4b4c-8E49-5AF97014F4C1}
Starware = C:\Program Files\Starware\bin\Starware.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{12EE7A5E-0674-42f9-A76B-000000004D00}
Search = C:\WINDOWS\System32\stlb2.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\CmdMapping
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2499216C-4BA5-11D5-BD9C-000103C116D5}
ButtonText = Yahoo! Login :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AC9E2541-2814-11d5-BC6D-00B0D0A1DE45}
ButtonText = AIM : C:\Program Files\AIM95\aim.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{825CF5BD-8862-4430-B771-0C15C5CA8DEF} = &EliteBar : C:\WINDOWS\EliteToolBar\EliteToolBar version 60.dll
{77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} = :
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{D49E9D35-254C-4C6A-9D17-95018D228FF5} = Starware : C:\Program Files\Starware\bin\Starware.dll
{9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} = Related Page : C:\WINDOWS\System32\WinNB57.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
TkBellExe C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
1 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\acsuninstall.exe"
2 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\AcsUninstallRes.dll"
3 C:\WINDOWS\system32\cmd.exe /c erase "c:\winnt\temp\shfolder.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Creative Detector "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
AIM C:\Program Files\AIM95\aim.exe -cnetwait.odl

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup C:\WINDOWS\pss\America Online 9.0 Tray Icon.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\AMERIC~1.0\aoltray.exe -check
item America Online 9.0 Tray Icon

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Exif Launcher.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Exif Launcher.lnk
backup C:\WINDOWS\pss\Exif Launcher.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\FINEPI~1\QuickDCF.exe
item Exif Launcher

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
backup C:\WINDOWS\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\COMMON~1\MICROS~1\WORKSS~1\wkcalrem.exe
item Microsoft Works Calendar Reminders

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^nrpa.exe
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
backup C:\WINDOWS\pss\nrpa.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
item nrpa
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
backup C:\WINDOWS\pss\nrpa.exeCommon Startup
location Common Startup
command C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nrpa.exe
item nrpa

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
backup C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\WinZip\WZQKPICK.EXE
item WinZip Quick Pick

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\5eb0c15fe81c
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bitsprx3
hkey HKLM
command C:\WINDOWS\System32\bitsprx3.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bitsprx3
hkey HKLM
command C:\WINDOWS\System32\bitsprx3.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\98D0CE0C16B1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe D0CE0C16B1,D0CE0C16B1
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe D0CE0C16B1,D0CE0C16B1
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\A70F6A1D-0195-42a2-934C-D8AC0F7C08EB
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe E6F1873B.DLL,D9EBC318C
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe E6F1873B.DLL,D9EBC318C
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AIM
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item aim
hkey HKCU
command C:\Program Files\AIM95\aim.exe -cnetwait.odl
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOL Spyware Protection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLSP Scheduler
hkey HKLM
command "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AOLDialer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AOLDial
hkey HKLM
command C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AtxBrw
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IEXPLOR
hkey HKLM
command C:\WINDOWS\IEXPLOR.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item IEXPLOR
hkey HKLM
command C:\WINDOWS\IEXPLOR.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AUNPS2
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32 AUNPS2
hkey HKLM
command RUNDLL32 AUNPS2.DLL,_Run@16
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32 AUNPS2
hkey HKLM
command RUNDLL32 AUNPS2.DLL,_Run@16
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AutoUpdater
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\AutoUpdate\AutoUpdate.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AutoUpdate
hkey HKLM
command "C:\Program Files\AutoUpdate\AutoUpdate.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BJCFD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CFD
hkey HKLM
command C:\Program Files\BroadJump\Client Foundation\CFD.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CFD
hkey HKLM
command C:\Program Files\BroadJump\Client Foundation\CFD.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BMan
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BMan1
hkey HKLM
command C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BMan1
hkey HKLM
command C:\Documents and Settings\All Users\Application Data\msw\BMan1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ù4g’ywæ^ÜœMÅC:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ù4g’ywæ^ÜœMÅC:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõh­‚²ÑÀßÇ[bx¹C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõh­‚²ÑÀßÇ[bx¹C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆßöÈ[C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆßöÈ[C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb¹C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb¹C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb‡C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõv­‚²ÑÀßÆÇ[bb‡C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#\bˆ»C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõîo!²uÆßÞ#\ûÆ´C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõÚ)–²%)ßfÏNb½¾C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõÚ)–²%)ßfÏNb½¾C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ”¬‚²ÑÀßöÈ[b„¸C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ”¬‚²ÑÀßöÈ[b„¸C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ•¬‚²ÑÀßîÈ[b‡¸C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\bO²ùõ•¬‚²ÑÀßîÈ[b‡¸C:\Program Files

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BullsEye Network
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bargains
hkey HKLM
command C:\Program Files\BullsEye Network\bin\bargains.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\C:\WINDOWS

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CaAvTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVTray
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CARPService
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item carpserv
hkey HKLM
command carpserv.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAS Client
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item casclient
hkey HKCU
command "C:\Program Files\Cas\Client\casclient.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CAVRID
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CAVRID
hkey HKLM
command "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cepvenc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cepvenc
hkey HKLM
command C:\WINDOWS\cepvenc.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cepvenc
hkey HKLM
command C:\WINDOWS\cepvenc.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cfgmgr52
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cfgmgr52
hkey HKLM
command RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\checkrun
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitelgw32
hkey HKLM
command C:\windows\system32\elitelgw32.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item elitelgw32
hkey HKLM
command C:\windows\system32\elitelgw32.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cisrgmi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item riqgjq
hkey HKLM
command c:\windows\system32\riqgjq.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item riqgjq
hkey HKLM
command c:\windows\system32\riqgjq.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\cjlgnf
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjlgnf
hkey HKLM
command c:\windows\system32\cjlgnf.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item cjlgnf
hkey HKLM
command c:\windows\system32\cjlgnf.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CookiePatrol
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CookiePatrol
hkey HKLM
command C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item CookiePatrol
hkey HKLM
command C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\CPQEASYACC
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StartEAK
hkey HKLM
command C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item StartEAK
hkey HKLM
command C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\dc619edbd9a4
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bootvid1
hkey HKLM
command C:\WINDOWS\System32\bootvid1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item bootvid1
hkey HKLM
command C:\WINDOWS\System32\bootvid1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\emqe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ncadapth
hkey HKLM
command C:\WINDOWS\ncadapth.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ncadapth
hkey HKLM
command C:\WINDOWS\ncadapth.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\exp.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item exp
hkey HKLM
command C:\WINDOWS\System32\exp.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\farmmext
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINDOWS\farmmext.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item farmmext
hkey HKLM
command C:\WINDOWS\farmmext.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\fcdud
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fcdud
hkey HKLM
command C:\WINDOWS\fcdud.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item fcdud
hkey HKLM
command C:\WINDOWS\fcdud.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Fdrcaxo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ffwwos
hkey HKLM
command C:\Program Files\Jnfrl\Ffwwos.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ffwwos
hkey HKLM
command C:\Program Files\Jnfrl\Ffwwos.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FlaCPY
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item flacpy
hkey HKLM
command "C:\Program Files\Common Files\Java\flacpy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item flacpy
hkey HKLM
command "C:\Program Files\Common Files\Java\flacpy.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\FtkCPY
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ftkcpy
hkey HKLM
command "C:\Program Files\Common Files\Java\ftkcpy.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ftkcpy
hkey HKLM
command "C:\Program Files\Common Files\Java\ftkcpy.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\G3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GSMedia3
hkey HKLM
command C:\WINDOWS\System32\GSMedia3.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item GSMedia3
hkey HKLM
command C:\WINDOWS\System32\GSMedia3.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\h8s7vs91
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item h8s7vs91
hkey HKLM
command C:\WINDOWS\System32\h8s7vs91.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item h8s7vs91
hkey HKLM
command C:\WINDOWS\System32\h8s7vs91.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hah
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hah
hkey HKLM
command C:\WINDOWS\hah.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hah
hkey HKLM
command C:\WINDOWS\hah.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hneuni
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hneuni
hkey HKCU
command C:\WINDOWS\System32\hneuni.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hneuni
hkey HKCU
command C:\WINDOWS\System32\hneuni.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\hozvpqwlc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hozvpqwlc
hkey HKLM
command c:\windows\system32\hozvpqwlc.exe -start
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hozvpqwlc
hkey HKLM
command c:\windows\system32\hozvpqwlc.exe -start
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Internet Optimizer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item optimize
hkey HKLM
command "C:\Program Files\Internet Optimizer\optimize.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IST Service
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
command C:\Program Files\ISTsvc\istsvc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item istsvc
hkey HKLM
command C:\Program Files\ISTsvc\istsvc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KavSvc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rhnamr
hkey HKLM
command C:\WINDOWS\System32\rhnamr.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rhnamr
hkey HKLM
command C:\WINDOWS\System32\rhnamr.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Access
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
command C:\Program Files\Media Access\MediaAccK.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaAccK
hkey HKLM
command C:\Program Files\Media Access\MediaAccK.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Media Gateway
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MediaGateway
hkey HKLM
command C:\Program Files\Media Gateway\MediaGateway.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Portfolio
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WksSb
hkey HKLM
command C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Microsoft Works Update Detection
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WkDetect
hkey HKLM
command C:\Program Files\Microsoft Works\WkDetect.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\mprpmo
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mprpmo
hkey HKCU
command C:\WINDOWS\System32\mprpmo.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mprpmo
hkey HKCU
command C:\WINDOWS\System32\mprpmo.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ms044108851350
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ms044108851350
hkey HKLM
command C:\WINDOWS\ms044108851350.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ms044108851350
hkey HKLM
command C:\WINDOWS\ms044108851350.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\msmc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mskkk
hkey HKLM
command C:\WINDOWS\System32\mskkk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mskkk
hkey HKLM
command C:\WINDOWS\System32\mskkk.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Nsv
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item nsvsvc
hkey HKLM
command C:\WINDOWS\System32\nsvsvc\nsvsvc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32
hkey HKLM
command RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RUNDLL32
hkey HKLM
command RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
inimapping 0

Edited by jaimen, 07 October 2005 - 05:51 PM.

#25
jaimen

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OSS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rlvknlg
hkey HKLM
command C:\windows\rlvknlg.exe -boot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rlvknlg
hkey HKLM
command C:\windows\rlvknlg.exe -boot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\p6js2sqb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p6js2sqb
hkey HKLM
command C:\WINDOWS\System32\p6js2sqb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p6js2sqb
hkey HKLM
command C:\WINDOWS\System32\p6js2sqb.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaciSoft
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pacis
hkey HKLM
command C:\WINDOWS\System32\pacis.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pacis
hkey HKLM
command C:\WINDOWS\System32\pacis.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestPatrol Control Center
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPControl
hkey HKLM
command C:\Program Files\PestPatrol\PPControl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPControl
hkey HKLM
command C:\Program Files\PestPatrol\PPControl.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestPatrolCL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PestPatrolCL
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PestPatrolCL
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\phqwhc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item phqwhc
hkey HKLM
command C:\WINDOWS\System32\phqwhc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item phqwhc
hkey HKLM
command C:\WINDOWS\System32\phqwhc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\picsvr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item picsvr
hkey HKLM
command C:\WINDOWS\System32\picsvr\picsvr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item picsvr
hkey HKLM
command C:\WINDOWS\System32\picsvr\picsvr.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PopUpStopperFreeEdition
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSFree
hkey HKCU
command "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSFree
hkey HKCU
command "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPMemCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPMemCheck
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPMemCheck
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps1
hkey HKLM
command C:\WINDOWS\System32\ps1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps1
hkey HKLM
command C:\WINDOWS\System32\ps1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSof1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSoft1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item psoft1
hkey HKLM
command C:\WINDOWS\System32\psoft1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item psoft1
hkey HKLM
command C:\WINDOWS\System32\psoft1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qwaaksmmosllgufkkrqiivjsf
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ioblgfvj
hkey HKLM
command C:\WINDOWS\ioblgfvj.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ioblgfvj
hkey HKLM
command C:\WINDOWS\ioblgfvj.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RecoverFromReboot
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RecoverFromReboot
hkey HKLM
command C:\WINDOWS\Temp\RecoverFromReboot.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RecoverFromReboot
hkey HKLM
command C:\WINDOWS\Temp\RecoverFromReboot.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\s75h3qU
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexppagn
hkey HKLM
command iexppagn.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexppagn
hkey HKLM
command iexppagn.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saie
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saie
hkey HKLM
command c:\windows\system32\saie.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saie
hkey HKLM
command c:\windows\system32\saie.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item salm
hkey HKLM
command c:\temp\salm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item salm
hkey HKLM
command c:\temp\salm.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\secure
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Iidtvt
hkey HKLM
command C:\WINDOWS\System32\Iidtvt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Iidtvt
hkey HKLM
command C:\WINDOWS\System32\Iidtvt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Security iGuard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Security iGuard
hkey HKLM
command C:\Program Files\Security iGuard\Security iGuard.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Security iGuard
hkey HKLM
command C:\Program Files\Security iGuard\Security iGuard.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\srmclean
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfSideKick 3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swlpqi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ksheqt
hkey HKLM
command c:\windows\system32\ksheqt.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ksheqt
hkey HKLM
command c:\windows\system32\ksheqt.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service62
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service63
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka63
hkey HKLM
command C:\WINDOWS\etb\pokapoka63.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka63
hkey HKLM
command C:\WINDOWS\etb\pokapoka63.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tapisys
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tss
hkey HKLM
command C:\WINDOWS\System32\tss.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tss
hkey HKLM
command C:\WINDOWS\System32\tss.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item evntsvc
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item evntsvc
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOUTDLL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TOUTDLL
hkey HKLM
command C:\WINDOWS\TOUTDLL.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TOUTDLL
hkey HKLM
command C:\WINDOWS\TOUTDLL.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tpfiec
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tpfiec
hkey HKLM
command C:\WINDOWS\System32\tpfiec.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tpfiec
hkey HKLM
command C:\WINDOWS\System32\tpfiec.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ttupt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttupt
hkey HKLM
command C:\WINDOWS\ttupt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttupt
hkey HKLM
command C:\WINDOWS\ttupt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvs_b
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tvs_b
hkey HKLM
command C:\program files\tvs\tvs_b.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tvs_b
hkey HKLM
command C:\program files\tvs\tvs_b.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB controller
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svcmm32
hkey HKLM
command "C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svcmm32
hkey HKLM
command "C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VBouncer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VirtualBouncer
hkey HKLM
command C:\PROGRA~1\VBouncer\VirtualBouncer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VirtualBouncer
hkey HKLM
command C:\PROGRA~1\VBouncer\VirtualBouncer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VBundleOuterDL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BundleOuter
hkey HKLM
command C:\Program Files\VBouncer\BundleOuter.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BundleOuter
hkey HKLM
command C:\Program Files\VBouncer\BundleOuter.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vcy1nd6a
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vcy1nd6a
hkey HKLM
command C:\Program Files\vcy1nd6a\vcy1nd6a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vcy1nd6a
hkey HKLM
command C:\Program Files\vcy1nd6a\vcy1nd6a.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\version
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cdmwcb
hkey HKLM
command C:\WINDOWS\System32\Cdmwcb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cdmwcb
hkey HKLM
command C:\WINDOWS\System32\Cdmwcb.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Visual Element FX5
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item See04152005
hkey HKLM
command C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\See04152005.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item See04152005
hkey HKLM
command C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\See04152005.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Vrytec
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Tofbky
hkey HKLM
command C:\Program Files\Vdia\Tofbky.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Tofbky
hkey HKLM
command C:\Program Files\Vdia\Tofbky.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
command "C:\Program Files\Web_Rebates\WebRebates0.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
command "C:\Program Files\Web_Rebates\WebRebates0.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WeirdOnTheWeb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WeirdOnTheWeb
hkey HKLM
command "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WeirdOnTheWeb
hkey HKLM
command "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wexcba
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wexcba
hkey HKCU
command C:\WINDOWS\System32\wexcba.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wexcba
hkey HKCU
command C:\WINDOWS\System32\wexcba.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\win32078851350410
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item win32078851350410
hkey HKLM
command C:\WINDOWS\win32078851350410.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item win32078851350410
hkey HKLM
command C:\WINDOWS\win32078851350410.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adrtua
hkey HKLM
command C:\WINDOWS\System32\adrtua.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adrtua
hkey HKLM
command C:\WINDOWS\System32\adrtua.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTask driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\System32\wintask.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\System32\wintask.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WToolsA
hkey HKLM
command C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WToolsA
hkey HKLM
command C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winupdtl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winupdt
hkey HKLM
command C:\WINDOWS\System32\winupdt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winupdt
hkey HKLM
command C:\WINDOWS\System32\winupdt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xware
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xware
hkey HKLM
command "C:\WINDOWS\xware.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xware
hkey HKLM
command "C:\WINDOWS\xware.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\Program Files\Yahoo!\browser\ybrwicon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\Program Files\Yahoo!\browser\ybrwicon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ylqgic
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ylqgic
hkey HKLM
command C:\WINDOWS\System32\ylqgic.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ylqgic
hkey HKLM
command C:\WINDOWS\System32\ylqgic.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zunqdll
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zunqdll
hkey HKLM
command C:\WINDOWS\zunqdll.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zunqdll
hkey HKLM
command C:\WINDOWS\zunqdll.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe stlb2.dll,DllRunMain
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe stlb2.dll,DllRunMain
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
wexcba C:\WINDOWS\System32\wexcba.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/5/2005 6:15:53 PM


#26
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Jaimen

Let's try to get this right.

You posted a log from WinPfind a day ago and I spent a couple of hours analysing it for you. I gave you the fix based upon what I could see. I noted and commented that I thought the log ended a little abruptly and that there was therefore more of it that would not fit into the page when you uploaded.

With the greatest respect for humanity, I am not going to pore over the log you sent in a day ago again; I just need the bit I haven't seen yet.

If you do not have it, repeat the scan and send the whole log (it will be shorter than before).

You must understand that your PC problem is one of 50 that I am dealing with. I cannot afford to devote another two hours to your old WinPfind log.

I will not even look at your HJT log until I see either the final part of the old log or a new log from WinPfind.

#27
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OSS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rlvknlg
hkey HKLM
command C:\windows\rlvknlg.exe -boot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rlvknlg
hkey HKLM
command C:\windows\rlvknlg.exe -boot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\p6js2sqb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p6js2sqb
hkey HKLM
command C:\WINDOWS\System32\p6js2sqb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item p6js2sqb
hkey HKLM
command C:\WINDOWS\System32\p6js2sqb.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PaciSoft
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pacis
hkey HKLM
command C:\WINDOWS\System32\pacis.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pacis
hkey HKLM
command C:\WINDOWS\System32\pacis.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestPatrol Control Center
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPControl
hkey HKLM
command C:\Program Files\PestPatrol\PPControl.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPControl
hkey HKLM
command C:\Program Files\PestPatrol\PPControl.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PestPatrolCL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PestPatrolCL
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PestPatrolCL
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PestPatrolCL.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\phqwhc
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item phqwhc
hkey HKLM
command C:\WINDOWS\System32\phqwhc.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item phqwhc
hkey HKLM
command C:\WINDOWS\System32\phqwhc.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\picsvr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item picsvr
hkey HKLM
command C:\WINDOWS\System32\picsvr\picsvr.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item picsvr
hkey HKLM
command C:\WINDOWS\System32\picsvr\picsvr.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PopUpStopperFreeEdition
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSFree
hkey HKCU
command "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSFree
hkey HKCU
command "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PPMemCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPMemCheck
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PPMemCheck
hkey HKLM
command C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PS1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps1
hkey HKLM
command C:\WINDOWS\System32\ps1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ps1
hkey HKLM
command C:\WINDOWS\System32\ps1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSof1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PSof1
hkey HKLM
command C:\WINDOWS\System32\PSof1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PSoft1
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item psoft1
hkey HKLM
command C:\WINDOWS\System32\psoft1.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item psoft1
hkey HKLM
command C:\WINDOWS\System32\psoft1.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\qwaaksmmosllgufkkrqiivjsf
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ioblgfvj
hkey HKLM
command C:\WINDOWS\ioblgfvj.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ioblgfvj
hkey HKLM
command C:\WINDOWS\ioblgfvj.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\RecoverFromReboot
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RecoverFromReboot
hkey HKLM
command C:\WINDOWS\Temp\RecoverFromReboot.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item RecoverFromReboot
hkey HKLM
command C:\WINDOWS\Temp\RecoverFromReboot.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\REGSHAVE
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item REGSHAVE
hkey HKLM
command C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\s75h3qU
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexppagn
hkey HKLM
command iexppagn.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iexppagn
hkey HKLM
command iexppagn.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\saie
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saie
hkey HKLM
command c:\windows\system32\saie.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item saie
hkey HKLM
command c:\windows\system32\saie.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\salm
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item salm
hkey HKLM
command c:\temp\salm.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item salm
hkey HKLM
command c:\temp\salm.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\secure
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Iidtvt
hkey HKLM
command C:\WINDOWS\System32\Iidtvt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Iidtvt
hkey HKLM
command C:\WINDOWS\System32\Iidtvt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Security iGuard
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Security iGuard
hkey HKLM
command C:\Program Files\Security iGuard\Security iGuard.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Security iGuard
hkey HKLM
command C:\Program Files\Security iGuard\Security iGuard.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\srmclean
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item srmclean
hkey HKLM
command C:\Cpqs\Scom\srmclean.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SurfSideKick 3
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ssk
hkey HKLM
command C:\Program Files\SurfSideKick 3\Ssk.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\swlpqi
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ksheqt
hkey HKLM
command c:\windows\system32\ksheqt.exe r
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ksheqt
hkey HKLM
command c:\windows\system32\ksheqt.exe r
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service62
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka62
hkey HKLM
command C:\WINDOWS\etb\pokapoka62.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\System service63
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka63
hkey HKLM
command C:\WINDOWS\etb\pokapoka63.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pokapoka63
hkey HKLM
command C:\WINDOWS\etb\pokapoka63.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SystemCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SysCheckBop32
hkey HKLM
command C:\WINDOWS\SysCheckBop32
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tapisys
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tss
hkey HKLM
command C:\WINDOWS\System32\tss.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tss
hkey HKLM
command C:\WINDOWS\System32\tss.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TkBellExe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item evntsvc
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item evntsvc
hkey HKLM
command C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOUTDLL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TOUTDLL
hkey HKLM
command C:\WINDOWS\TOUTDLL.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TOUTDLL
hkey HKLM
command C:\WINDOWS\TOUTDLL.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tpfiec
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tpfiec
hkey HKLM
command C:\WINDOWS\System32\tpfiec.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tpfiec
hkey HKLM
command C:\WINDOWS\System32\tpfiec.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ttupt
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttupt
hkey HKLM
command C:\WINDOWS\ttupt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ttupt
hkey HKLM
command C:\WINDOWS\ttupt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\tvs_b
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tvs_b
hkey HKLM
command C:\program files\tvs\tvs_b.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item tvs_b
hkey HKLM
command C:\program files\tvs\tvs_b.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\USB controller
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svcmm32
hkey HKLM
command "C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item svcmm32
hkey HKLM
command "C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VBouncer
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VirtualBouncer
hkey HKLM
command C:\PROGRA~1\VBouncer\VirtualBouncer.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item VirtualBouncer
hkey HKLM
command C:\PROGRA~1\VBouncer\VirtualBouncer.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\VBundleOuterDL
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BundleOuter
hkey HKLM
command C:\Program Files\VBouncer\BundleOuter.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BundleOuter
hkey HKLM
command C:\Program Files\VBouncer\BundleOuter.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\vcy1nd6a
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vcy1nd6a
hkey HKLM
command C:\Program Files\vcy1nd6a\vcy1nd6a.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item vcy1nd6a
hkey HKLM
command C:\Program Files\vcy1nd6a\vcy1nd6a.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\version
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cdmwcb
hkey HKLM
command C:\WINDOWS\System32\Cdmwcb.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Cdmwcb
hkey HKLM
command C:\WINDOWS\System32\Cdmwcb.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Visual Element FX5
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item See04152005
hkey HKLM
command C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\See04152005.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item See04152005
hkey HKLM
command C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\See04152005.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Vrytec
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Tofbky
hkey HKLM
command C:\Program Files\Vdia\Tofbky.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Tofbky
hkey HKLM
command C:\Program Files\Vdia\Tofbky.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WebRebates0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
command "C:\Program Files\Web_Rebates\WebRebates0.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WebRebates0
hkey HKLM
command "C:\Program Files\Web_Rebates\WebRebates0.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WeirdOnTheWeb
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WeirdOnTheWeb
hkey HKLM
command "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WeirdOnTheWeb
hkey HKLM
command "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\wexcba
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wexcba
hkey HKCU
command C:\WINDOWS\System32\wexcba.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wexcba
hkey HKCU
command C:\WINDOWS\System32\wexcba.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\win32078851350410
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item win32078851350410
hkey HKLM
command C:\WINDOWS\win32078851350410.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item win32078851350410
hkey HKLM
command C:\WINDOWS\win32078851350410.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winsync
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adrtua
hkey HKLM
command C:\WINDOWS\System32\adrtua.exe reg_run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item adrtua
hkey HKLM
command C:\WINDOWS\System32\adrtua.exe reg_run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTask driver
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\System32\wintask.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item wintask
hkey HKLM
command C:\WINDOWS\System32\wintask.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WinTools
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WToolsA
hkey HKLM
command C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WToolsA
hkey HKLM
command C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\winupdtl
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winupdt
hkey HKLM
command C:\WINDOWS\System32\winupdt.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item winupdt
hkey HKLM
command C:\WINDOWS\System32\winupdt.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\xware
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xware
hkey HKLM
command "C:\WINDOWS\xware.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item xware
hkey HKLM
command "C:\WINDOWS\xware.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YBrowser
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\Program Files\Yahoo!\browser\ybrwicon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ybrwicon
hkey HKLM
command C:\Program Files\Yahoo!\browser\ybrwicon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ylqgic
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ylqgic
hkey HKLM
command C:\WINDOWS\System32\ylqgic.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ylqgic
hkey HKLM
command C:\WINDOWS\System32\ylqgic.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\YOP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item yop
hkey HKLM
command C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\zunqdll
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zunqdll
hkey HKLM
command C:\WINDOWS\zunqdll.EXE
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item zunqdll
hkey HKLM
command C:\WINDOWS\zunqdll.EXE
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\{12EE7A5E-0674-42f9-A76B-000000004D00}
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe stlb2.dll,DllRunMain
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item rundll32
hkey HKLM
command rundll32.exe stlb2.dll,DllRunMain
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 1


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
wexcba C:\WINDOWS\System32\wexcba.exe

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/5/2005 6:15:53 PM

#28
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again Jaimen

Some or perhaps many of these files will have already been deleted by Ewido if this is from the scan before Ewido ran.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\windows\rlvknlg.exe
C:\WINDOWS\System32\p6js2sqb.exe
C:\WINDOWS\System32\pacis.exe
C:\WINDOWS\System32\phqwhc.exe
C:\WINDOWS\System32\picsvr\picsvr.exe
C:\WINDOWS\System32\ps1.exe
C:\WINDOWS\System32\PSof1.exe
C:\WINDOWS\System32\psoft1.exe
C:\WINDOWS\ioblgfvj.exe
c:\windows\system32\saie.exe
c:\temp\salm.exe
C:\WINDOWS\System32\Iidtvt.exe
C:\Program Files\SurfSideKick 3\Ssk.exe
c:\windows\system32\ksheqt.exe
C:\WINDOWS\etb\pokapoka62.exe
C:\WINDOWS\SysCheckBop32
C:\WINDOWS\System32\tss.exe
C:\WINDOWS\TOUTDLL.EXE
C:\WINDOWS\System32\tpfiec.exe
C:\WINDOWS\ttupt.exe
C:\program files\tvs\tvs_b.exe
C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\ICD3.tmp\svcmm32.exe
C:\PROGRA~1\VBouncer\VirtualBouncer.exe
C:\Program Files\VBouncer\BundleOuter.EXE
C:\Program Files\vcy1nd6a\vcy1nd6a.exe
C:\WINDOWS\System32\Cdmwcb.exe
C:\DOCUME~1\RADIOS~1\LOCALS~1\Temp\See04152005.exe
C:\Program Files\Vdia\Tofbky.exe
C:\Program Files\Web_Rebates\WebRebates0.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\wexcba.exe
C:\WINDOWS\win32078851350410.exe
C:\WINDOWS\System32\adrtua.exe
C:\WINDOWS\System32\wintask.exe
C:\PROGRA~1\COMMON~1\WinTools\WToolsA.exe
C:\WINDOWS\System32\winupdt.exe
C:\WINDOWS\xware.exe
C:\WINDOWS\System32\ylqgic.exe
C:\WINDOWS\zunqdll.EXE


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

A fresh HJT log please.

#29
jaimen

    banned

  • Topic Starter
  • Banned
  • 84 posts
Logfile of HijackThis v1.99.1
Scan saved at 6:39:21 PM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\javarn32.exe
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\system32\sdkfc32.exe
C:\winnt\temp\252.tmp.exe
C:\WINDOWS\system32\lexpps.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {87647AF0-CDBF-C0AC-94F6-54F97CE2A6CA} - C:\WINDOWS\sysjb32.dll
O2 - BHO: Starware - {CA356D79-679B-4b4c-8E49-5AF97014F4C1} - C:\Program Files\Starware\bin\Starware.dll (file missing)
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [sdkfc32.exe] C:\WINDOWS\system32\sdkfc32.exe
O4 - HKLM\..\Run: [252.tmp] c:\winnt\temp\252.tmp.exe
O4 - HKLM\..\Run: [252.tmp.exe] C:\winnt\temp\252.tmp.exe
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] c:\winnt\temp\24F.tmp
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmesus.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.a...83/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1104451058202
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128303306358
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.a...,20/mcgdmgr.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javarn32.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

#30
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,131 posts
Hello again

I take it that you were able to delete the files in the previous fix since you haven’t said anything to the contrary.

Your HJT log shows instances of the awful infection known as Bube. I am keeping my fingers crossed.

Please download
CWShredder
cwsserviceemove.reg file

Now please install CWShredder, and run it. Click Check For Update, then Fix and then OK followed by Next, and let it fix everything it asks about.

Go to Start>Run and type Services.msc then hit OK
Scroll down and find this service:

Remote Procedure Call (RPC)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on Properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then OK.

Run HiJackThis. Click on None of the above, just start the program. Now, click on the Config button (bottom right), then click on Misc Tools, then click on Delete an NT Service. A window will pop up. Enter this item into that field (copy and paste):

RPC if not that, try 11Fßä #•ºÄÖ`I

Click OK.

It should pull up information about the service. When it asks if you want to reboot now, click YES.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\xztwb.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {87647AF0-CDBF-C0AC-94F6-54F97CE2A6CA} - C:\WINDOWS\sysjb32.dll
O4 - HKLM\..\Run: [sdkfc32.exe] C:\WINDOWS\system32\sdkfc32.exe
O4 - HKLM\..\Run: [252.tmp] c:\winnt\temp\252.tmp.exe
O4 - HKLM\..\Run: [252.tmp.exe] C:\winnt\temp\252.tmp.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] c:\winnt\temp\24F.tmp
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O23 - Service: Remote Procedure Call (RPC) Helper ( 11Fßä #•ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\javarn32.exe

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Unzip cwsserviceemove.reg file to your desktop. While in safe mode, double click on it and grant it permission to add the registry items.

Please install Killbox by Option^Explicit.

*Extract the programme to your desktop and double-click on its folder, then double-click on Killbox.exe to start the programme.
*In the Killbox programme, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\javarn32.exe
C:\WINDOWS\system32\sdkfc32.exe
C:\winnt\temp\252.tmp.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\WINDOWS\system32\xztwb.dll
C:\WINDOWS\sysjb32.dll
c:\winnt\temp\24F.tmp


*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "Yes" at the reboot now prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click download and run missingfilesetup.exe. Then try TheKillbox again.

Post back a fresh HijackThis log and I will take another look.