
winfixer problem... video card not even working...



#1
bethness

    New Member
  • 6 posts
Hi, I really need help... uhm, been trying to figure out what to do.... Now even my video card is not working properly, dunno if those are connected... Thank you so much :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 7:47:34 PM, on 10/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] C:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.of..._1/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0



#2
Wizard

    Retired Staff
  • 5,661 posts
Hi Bethness and Welcome to GeekstoGo!

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in Safe Mode, open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning.
    It should look like this:

    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\jkhfc.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\cfhkj.*
    This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:

    O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} - C:\WINDOWS\system32\jkhfc.dll

    O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll

  • After you have fixed these items, close HijackThis and press any key to force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end; click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0
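The check applied to the log in this thread, as an added example that is not part of the original posts or of VundoFix/HijackThis: it re-joins hard-wrapped HijackThis entries, reports DLLs registered both as a BHO (O2) and as a Winlogon Notify package (O20), and derives the reversed-name companion pattern described above. The function names are hypothetical, and treating the O2 plus O20 pairing as suspicious is an assumption drawn from the two entries selected in this thread, a triage heuristic rather than a verdict.

```python
import ntpath
import re
from collections import defaultdict

# Constructed sample: entries copied from the log in post #1, keeping the
# hard line wraps (and blank lines) that pasting into the forum introduced.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}

- C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {52B1DFC7-AAFC-4362-B103-868B0683C697} -

C:\WINDOWS\system32\jkhfc.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} -

C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfc - C:\WINDOWS\system32\jkhfc.dll
"""

# A HijackThis entry starts with a section code such as "R1 - " or "O20 - ".
ENTRY_START = re.compile(r"^(?:[RFN]\d|O\d{1,2}) - ")

# Sections inspected here, keyed by the literal prefix of the entry.
WATCHED = {"O2 - BHO:": "O2", "O20 - Winlogon Notify:": "O20"}


def unwrap_entries(log_text):
    """Re-join wrapped lines so that each list item is one complete entry.

    Continuation lines are joined with a space, which is right for O2/O20
    entries (they wrap at spaces). Values that wrap mid-word, such as the
    long ProxyOverride list, would need a different join.
    """
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation of the previous entry
            entries[-1] += " " + line
    return entries


def dll_registrations(log_text):
    """Map each DLL path (case-insensitive) to the watched sections naming it."""
    sections = defaultdict(set)
    display = {}
    for entry in unwrap_entries(log_text):
        for prefix, section in WATCHED.items():
            if entry.startswith(prefix):
                path = entry.rsplit(" - ", 1)[-1].strip()
                # Skips "(no file)" and "(file missing)" entries.
                if path.lower().endswith(".dll"):
                    key = path.lower()
                    sections[key].add(section)
                    display.setdefault(key, path)
    return sections, display


def find_dual_registered(log_text):
    """Return DLLs that appear under both O2 (BHO) and O20 (Winlogon Notify)."""
    sections, display = dll_registrations(log_text)
    return sorted(display[k] for k, s in sections.items() if s >= {"O2", "O20"})


def reversed_companion(dll_path):
    """Build the 'filename spelt backwards' wildcard for a given DLL path."""
    folder, name = ntpath.split(dll_path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(folder, stem[::-1] + ".*")


if __name__ == "__main__":
    for dll in find_dual_registered(SAMPLE_LOG):
        print("review:", dll, "| companion pattern:", reversed_companion(dll))
```
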

#3
bethness

    New Member

  • Topic Starter
  • 6 posts
clean up file:

CleanUp! started on 10/08/05 08:56:45.
...
C:\WINDOWS\Prefetch\CLEANUP.EXE-0ACAE2A3.pf - deleted
C:\WINDOWS\Prefetch\CLEANUP40[1].EXE-0311E149.pf - deleted
C:\WINDOWS\Prefetch\CMD.EXE-034B0549.pf - deleted
C:\WINDOWS\Prefetch\CNMSM38.EXE-27A39BA1.pf - deleted
C:\WINDOWS\Prefetch\COPYINF.EXE-0A2A5F82.pf - deleted
C:\WINDOWS\Prefetch\CSRSS.EXE-22452D1B.pf - deleted
C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf - deleted
C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf - deleted
C:\WINDOWS\Prefetch\DRWTSN32.EXE-01DDCF15.pf - deleted
C:\WINDOWS\Prefetch\DSAGNT.EXE-2C86BFCE.pf - deleted
C:\WINDOWS\Prefetch\DSENTRY.EXE-28A3C4CF.pf - deleted
C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf - deleted
C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf - deleted
C:\WINDOWS\Prefetch\EXEC.EXE-38336C38.pf - deleted
C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf - deleted
C:\WINDOWS\Prefetch\FSG.EXE-28C873BD.pf - deleted
C:\WINDOWS\Prefetch\FSG_4203.EXE-02EBE73B.pf - deleted
C:\WINDOWS\Prefetch\HCM.EXE-37142F79.pf - deleted
C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf - deleted
C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-008A3049.pf - deleted
C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf - deleted
C:\WINDOWS\Prefetch\HL2.EXE-2A6A7D9D.pf - deleted
C:\WINDOWS\Prefetch\IDRIVER.EXE-37E6932D.pf - deleted
C:\WINDOWS\Prefetch\IEDW.EXE-0F1DF43F.pf - deleted
C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf - deleted
C:\WINDOWS\Prefetch\IGFXTRAY.EXE-0A23D403.pf - deleted
C:\WINDOWS\Prefetch\IKERNEL.EXE-1ECD90CF.pf - deleted
C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf - deleted
C:\WINDOWS\Prefetch\INSTTIMEUPDATER.EXE-07835ECD.pf - deleted
C:\WINDOWS\Prefetch\IPODSERVICE.EXE-37043579.pf - deleted
C:\WINDOWS\Prefetch\IS-FP31S.TMP-22D2C462.pf - deleted
C:\WINDOWS\Prefetch\ISRUNNINGAPP.EXE-06550519.pf - deleted
C:\WINDOWS\Prefetch\ISRUNNINGAPP.EXE-22EE9F6E.pf - deleted
C:\WINDOWS\Prefetch\IS_SETUP.EXE-19A2F640.pf - deleted
C:\WINDOWS\Prefetch\ITUNES.EXE-14FD3AEE.pf - deleted
C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf - deleted
C:\WINDOWS\Prefetch\KAZAA.EXE-18A165C4.pf - deleted
C:\WINDOWS\Prefetch\Layout.ini - deleted
C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf - deleted
C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf - deleted
C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf - deleted
C:\WINDOWS\Prefetch\MMDIAG.EXE-2CD118AB.pf - deleted
C:\WINDOWS\Prefetch\MMTASK.EXE-101CFBE9.pf - deleted
C:\WINDOWS\Prefetch\MM_TRAY.EXE-39FEF185.pf - deleted
C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf - deleted
C:\WINDOWS\Prefetch\MSIMN.EXE-183B59AF.pf - deleted
C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-32139521.pf - deleted
C:\WINDOWS\Prefetch\NAVW32.EXE-32391D9E.pf - deleted
C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf - deleted
C:\WINDOWS\Prefetch\NERO.EXE-30D5F6F2.pf - deleted
C:\WINDOWS\Prefetch\NEROCHECK.EXE-30941580.pf - deleted
C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-0C04C914.pf - deleted
C:\WINDOWS\Prefetch\NMAIN.EXE-3A3D97F1.pf - deleted
C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf - deleted
C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf - deleted
C:\WINDOWS\Prefetch\NWIZ.EXE-2D374245.pf - deleted
C:\WINDOWS\Prefetch\OMGJBOX.EXE-0524E93C.pf - deleted
C:\WINDOWS\Prefetch\OSA.EXE-28494AD2.pf - deleted
C:\WINDOWS\Prefetch\PACADDON.EXE-16457B1D.pf - deleted
C:\WINDOWS\Prefetch\PCMSERVICE.EXE-3369AF87.pf - deleted
C:\WINDOWS\Prefetch\PXHPINST.EXE-0FA2BD3D.pf - deleted
C:\WINDOWS\Prefetch\PXINSTALL.EXE-1FF26827.pf - deleted
C:\WINDOWS\Prefetch\PXSETUP.EXE-297247BA.pf - deleted
C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf - deleted
C:\WINDOWS\Prefetch\REGDLL.EXE-160BCF6D.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-3CAE7316.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-54023F1C.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-57C8756E.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-59FE0E96.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-5F120771.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6ACD0C83.pf - deleted
C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-06F00792.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-29F17E32.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-2D607978.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-2FDA0F3B.pf - deleted
C:\WINDOWS\Prefetch\SETUP.EXE-344BFE1B.pf - deleted
C:\WINDOWS\Prefetch\SETUPREG.EXE-31EFC9DA.pf - deleted
C:\WINDOWS\Prefetch\SETUPSS.EXE-0779CF06.pf - deleted
C:\WINDOWS\Prefetch\SGTRAY.EXE-31581176.pf - deleted
C:\WINDOWS\Prefetch\SNDMON.EXE-1C89C7E1.pf - deleted
C:\WINDOWS\Prefetch\SONICSTAGEINSTALLER[1].EXE-048A2E1B.pf - deleted
C:\WINDOWS\Prefetch\SP1AEXPRESS_USA[1].EXE-0DBBB2B4.pf - deleted
C:\WINDOWS\Prefetch\SSAAD.EXE-06B7FD4F.pf - deleted
C:\WINDOWS\Prefetch\SSDBCONNECTION.EXE-19F046F8.pf - deleted
C:\WINDOWS\Prefetch\SSSCSISV.EXE-1F8DC7DB.pf - deleted
C:\WINDOWS\Prefetch\STEAM.EXE-0099A331.pf - deleted
C:\WINDOWS\Prefetch\STOPMUSICSERVER.EXE-13428A33.pf - deleted
C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf - deleted
C:\WINDOWS\Prefetch\TFSWCTRL.EXE-2D67C816.pf - deleted
C:\WINDOWS\Prefetch\THGUARD.EXE-0CB357A2.pf - deleted
C:\WINDOWS\Prefetch\TMG-NORTON ANTIVIRUS 2005 KEY-2C38E742.pf - deleted
C:\WINDOWS\Prefetch\TROJANHUNTER.EXE-0A57D332.pf - deleted
C:\WINDOWS\Prefetch\TROJANHUNTER[1].EXE-2F549667.pf - deleted
C:\WINDOWS\Prefetch\UNUSB.EXE-13A5D770.pf - deleted
C:\WINDOWS\Prefetch\UPDATE.EXE-26082C5E.pf - deleted
C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf - deleted
C:\WINDOWS\Prefetch\VUNDOFIX[1].EXE-2BDD601A.pf - deleted
C:\WINDOWS\Prefetch\WINLOGON.EXE-0957F9B2.pf - deleted
C:\WINDOWS\Prefetch\WINWORD.EXE-0614BEA2.pf - deleted
C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf - deleted
C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf - deleted
C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-1ED50356.pf - deleted
C:\WINDOWS\Prefetch\YPAGER.EXE-02DBD849.pf - deleted
C:\temp\only.vob - deleted
C:\temp\ScanGearToolboxCSv223\40COMUPD.EXE - deleted
C:\temp\ScanGearToolboxCSv223\DATA.TAG - deleted
C:\temp\ScanGearToolboxCSv223\data1.cab - deleted
C:\temp\ScanGearToolboxCSv223\data2.cab - deleted
C:\temp\ScanGearToolboxCSv223\lang.dat - deleted
C:\temp\ScanGearToolboxCSv223\layout.bin - deleted
C:\temp\ScanGearToolboxCSv223\os.dat - deleted
C:\temp\ScanGearToolboxCSv223\Readme.wri - deleted
C:\temp\ScanGearToolboxCSv223\SETUP.BMP - deleted
C:\temp\ScanGearToolboxCSv223\SETUP.EXE - deleted
C:\temp\ScanGearToolboxCSv223\SETUP.INI - deleted
C:\temp\ScanGearToolboxCSv223\setup.ins - deleted
C:\temp\ScanGearToolboxCSv223\setup.lid - deleted
C:\temp\ScanGearToolboxCSv223\ZbThumbnail.info - deleted
C:\temp\ScanGearToolboxCSv223\_INST32I.EX_ - deleted
C:\temp\ScanGearToolboxCSv223\_ISDEL.EXE - deleted
C:\temp\ScanGearToolboxCSv223\_SETUP.DLL - deleted
C:\temp\ScanGearToolboxCSv223\_sys1.cab - deleted
C:\temp\ScanGearToolboxCSv223\_user1.cab - deleted
C:\temp\ScanGearToolboxCSv223\ - deleted
Emptied Recycle Bin on drive C:
'Run MRU' list - removed from the registry.
Paint Recent File List - removed from the registry.
WordPad Recent File List - removed from the registry.
Telnet's MRU list - removed from the registry.
CleanUp! 4.0 recovered 775.9 MB of disk space from 16442 files.
CleanUp! finished on 10/08/05 08:59:04.
  • 0

#4
bethness

    New Member

  • Topic Starter
  • Member
  • 6 posts
this is hijack file

Logfile of HijackThis v1.99.1
Scan saved at 9:23:18 AM, on 10/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\DSentry.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Program Files\CleanUp!\Cleanup.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hijack\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.ne...ch?r=minisearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://my.netzero.ne...ch?r=minisearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://my.netzero.ne...ch?r=minisearch
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*windowsupdate.microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*test-speed.com;liveupdate.symantecliveupdate.com;liveupdate.symantec.com;service1.symantec.com;*.nai.com;*.networkassociates.com;<local>
R3 - URLSearchHook: URLSearchHook Class - {37D2CDBF-2AF4-44AA-8113-BD0D2DA3C2B8} - C:\Program Files\NZSearch\SearchEnh1.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [spc_w] "C:\Program Files\NZSearch\hcm.exe" -w
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.amazon.of..._1/axofupld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

#5
bethness

    New Member

  • Topic Starter
  • Member
  • 6 posts
vundo log


Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 492 'smss.exe'
Threads [496][500][504][180][212]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 1436 'explorer.exe'
Killing PID 1436 'explorer.exe'
Killing PID 484 'explorer.exe'
Killing PID 484 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 568 'winlogon.exe'
Killing PID 568 'winlogon.exe'
Killing PID 204 'winlogon.exe'
Could not delete file.
Files Deleted sucessfully.
  • 0

#6
Wizard

    Retired Staff

  • Retired Staff
  • 5,661 posts
Any results from Panda?

Let's make sure there are no reinstallers left lying around as well!


Download WinPFind:
http://www.bleepingc...es/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode

From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Restart Normal and Post the results of WinPFind and Panda!
  • 0

#7
bethness

    New Member

  • Topic Starter
  • Member
  • 6 posts
uhm ok... let me do that

what's PANDA? thanks so much...
  • 0

#8
bethness

    New Member

  • Topic Starter
  • Member
  • 6 posts
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...

Checking %System% folder...
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
PECompact2 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 9/8/2005 8:08:28 PM 1997664 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\HOSTS


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
10/8/2005 11:13:18 AM S 2048 C:\WINDOWS\BOOTSTAT.DAT
9/19/2005 9:59:34 PM HS 26125 C:\WINDOWS\SYSTEM32\jkhhe.dll
9/19/2005 9:58:58 PM HS 26125 C:\WINDOWS\SYSTEM32\pmkhf.dll
10/8/2005 11:13:14 AM H 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
10/8/2005 11:13:30 AM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
10/8/2005 11:13:20 AM H 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
10/8/2005 11:14:56 AM H 122880 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
10/8/2005 11:13:40 AM H 1101824 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
9/13/2005 4:23:10 PM H 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
9/28/2005 10:24:50 AM HS 388 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\771ad043-7fd4-41af-858b-ede3889608af
9/28/2005 10:24:50 AM HS 24 C:\WINDOWS\SYSTEM32\Microsoft\Protect\S-1-5-18\User\Preferred
10/8/2005 11:12:30 AM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Broadcom Corporation 6/3/2003 9:38:44 AM 94208 C:\WINDOWS\SYSTEM32\BCMSM.CPL
5/10/2001 11:00:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Intel Corporation 2/10/2004 12:53:24 PM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Ahead Software AG 1/14/2004 6:57:18 PM 57344 C:\WINDOWS\SYSTEM32\ImageDrive.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems 1/6/2004 8:25:18 AM 53352 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 5/25/2005 8:02:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel® Corporation 3/11/2003 3:15:56 PM 77824 C:\WINDOWS\SYSTEM32\PRApplet.cpl
Apple Computer, Inc. 9/23/2004 6:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\DLLCACHE\main.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\DLLCACHE\ncpa.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\DLLCACHE\telephon.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl
Intel Corporation 2/10/2004 12:53:24 PM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0000\DriverFiles\igfxcpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
9/3/2002 8:00:00 AM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\DESKTOP.INI
7/16/2005 3:44:56 PM 1730 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...
9/3/2002 7:50:46 AM HS 62 C:\Documents and Settings\All Users\Application Data\DESKTOP.INI

Checking files in %USERPROFILE%\Startup folder...
9/3/2002 8:00:00 AM HS 84 C:\Documents and Settings\Juris Burgos\Start Menu\Programs\Startup\DESKTOP.INI

Checking files in %USERPROFILE%\Application Data folder...
9/3/2002 7:50:46 AM HS 62 C:\Documents and Settings\Juris Burgos\Application Data\DESKTOP.INI
2/10/2004 12:39:24 PM 0 C:\Documents and Settings\Juris Burgos\Application Data\dm.ini
9/10/2005 4:49:10 PM 47856 C:\Documents and Settings\Juris Burgos\Application Data\GDIPFONTCACHEV1.DAT
1/16/2004 3:55:16 AM 12358 C:\Documents and Settings\Juris Burgos\Application Data\PFP110JCM.{PB
1/16/2004 3:55:16 AM 61678 C:\Documents and Settings\Juris Burgos\Application Data\PFP110JPR.{PB
UPX! 7/1/2004 5:29:54 PM 169504 C:\Documents and Settings\Juris Burgos\Application Data\shb.dat

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Trojan Remover
{52B87208-9CCF-42C9-B88E-069281105805} = C:\PROGRA~1\TROJAN~1\Trshlex.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\QuickFinderMenu
{C0E10002-0028-0004-C0E1-C0E1C0E1C0E1} = c:\Program Files\WordPerfect Office 11\Programs\PFSE110.DLL
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\TrojanHunter
{EBDF1F20-C829-11D1-8233-FF20AF3E97A9} = C:\PROGRA~1\TROJAN~1.2\contmenu.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CA3D70E-1895-11CF-8E15-001234567890}
DriveLetterAccess = C:\WINDOWS\system32\dla\tfswshx.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{F5735C15-1FB2-41FE-BA12-242757E69DDE} = :
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console : C:\WINDOWS\System32\msjava.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
MenuText = :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{F5735C15-1FB2-41FE-BA12-242757E69DDE} = :
{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} = ZeroBar : C:\Program Files\NetZero\toolbar.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
PCMService "C:\Program Files\Dell\Media Experience\PCMService.exe"
Microsoft Works Update Detection C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
IgfxTray C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds C:\WINDOWS\system32\hkcmd.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
dla C:\WINDOWS\system32\dla\tfswctrl.exe
BCMSMMSG BCMSMMSG.exe
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
iTunesHelper "C:\Program Files\iTunes\iTunesHelper.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
NeroFilterCheck C:\WINDOWS\system32\NeroCheck.exe
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
nwiz nwiz.exe /install
NvMediaCenter RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
SsAAD.exe C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
THGuard "C:\Program Files\TrojanHunter 4.2\THGuard.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
spc_w "C:\Program Files\NZSearch\hcm.exe" -w
Free Download Manager C:\Program Files\Free Download Manager\fdm.exe -autorun

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\DellSupport
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DSAgnt
hkey HKCU
command "C:\Program Files\Dell Support\DSAgnt.exe" /startup
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DSAgnt
hkey HKCU
command "C:\Program Files\Dell Support\DSAgnt.exe" /startup
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\iTunesHelper
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item iTunesHelper
hkey HKLM
command C:\Program Files\iTunes\iTunesHelper.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\KAZAA
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kazaa
hkey HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item kazaa
hkey HKLM
command C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroFilterCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Steam
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Steam
hkey HKCU
command C:\Program Files\Valve\Steam\\Steam.exe -silent
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Steam
hkey HKCU
command C:\Program Files\Valve\Steam\\Steam.exe -silent
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = Explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui
= igfxsrvc.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.4.1 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 10/8/2005 11:22:45 AM

#9
Wizard

  • Retired Staff
  • 5,661 posts
OK, let's make sure Windows is showing hidden files
http://www.bleepingc...al62.html#winxp

Locate and Delete these 2 files

C:\WINDOWS\SYSTEM32\jkhhe.dll

C:\WINDOWS\SYSTEM32\pmkhf.dll


Once those are deleted, have the PC scanned here
http://support.f-sec.../home/ols.shtml

You will have to use Internet Explorer for the scan to work!

Post the results of that scan along with a fresh HijackThis log!