My current HJT log is at the bottom of this page.
Hi
I've been working on my friend's HP (XP/SP2), trying to rid it of spyware/malware, and I need some advice from the pros here :) I was cleaning up the registry and doing fairly well wiping out some adware when I made the awful, awful AWFUL mistake of clicking on a "winfixer2005" ad. Needless to say, I've been trying to completely purge this *crap software* for 2 days.
The worst part is that since becoming infected, I've been unable to boot into Safe Mode. I get hung up at the boot screen. Also, when in normal mode, IE crashes almost instantly. He's using AOL to browse and AIM for IMs. To my amazement, AOL works fine. :-0
I've run plenty of scans using multiple tools. Here is what I've tried:
1.
Software: Norton Antivirus
Action Performed: LiveUpdate
Action Performed: Full System Scan
Results: No new threats found.
2.
Software: Noadware
Action Performed: Update Protection
Action Performed: Full System Scan
Results:
Noadware Log
Date : Friday, October 28, 2005
Time: 07:53:07
3.
Software: Spybot S&D:
Action Performed: Check For Problems
Action Performed: 6 Full System Scans
Results: All Fixes except Back Web Lite and Noadware and Windows Firewall settings. I assume Back Web Lite has something to do with HP... so I left it alone. lol
--- Report generated: 2005-10-28 21:01 ---
NoAdware: Uninstall settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NoAdware_is1
BackWeb lite: Program directory (Directory, nothing done)
C:\Program Files\BackWeb\
BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\bwpfile
BackWeb lite: File extension (Registry key, nothing done)
HKEY_CLASSES_ROOT\.bwp
BackWeb lite: Global settings (Registry key, nothing done)
HKEY_LOCAL_MACHINE\Software\BackWeb
BackWeb lite: Netscape viewer (Registry value, nothing done)
HKEY_USERS\S-1-5-21-390508023-2344068290-1355416408-1003\Software\Netscape\Netscape Navigator\Viewers\application/x-bwpreview
WildTangent: Global settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\Software\WildTangent
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\updater\
WildTangent: Program directory (Directory, fixed)
C:\Program Files\WildTangent\
Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0
Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0
WildTangent: Program directory (Directory, fixed)
C:\WINDOWS\wt\
Winsoftware.Common: Program directory (Directory, fixed)
C:\Program Files\Common Files\WinSoftware\
FastClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
Winfixer: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: Owner) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---
2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-10-28 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-10-28 Includes\Cookies.sbi (*)
2005-10-28 Includes\Dialer.sbi (*)
2005-10-28 Includes\Hijackers.sbi (*)
2005-10-28 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-10-28 Includes\Malware.sbi (*)
2005-10-28 Includes\PUPS.sbi (*)
2005-10-28 Includes\Revision.sbi (*)
2005-10-28 Includes\Security.sbi (*)
2005-10-28 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-10-28 Includes\Trojans.sbi (*)
4.
Software: Max PC Secure:
Action Performed: Update Protection
Action Performed: Multiple Full System Scans
Results: Registry threats and cookies removed. Log File/edit report included below.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10/29/2005
Windows XP Home Edition
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\(Default)\:PCheck Class
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\threadingmodel\:Both
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\progid\(Default)\:PCheck.PCheck.1
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\typelib\(Default)\:{3BFF2EF1-25BA-4342-A1E8-EC1E2CB9F22B}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\versionindependentprogid\(Default)\:PCheck.PCheck
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\(Default)\:ICheckProduct
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid\(Default)\:{00020424-0000-0000-C000-000000000046}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid32\(Default)\:{00020424-0000-0000-C000-000000000046}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\(Default)\:{3BFF2EF1-25BA-4342-A1E8-EC1E2CB9F22B}
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\version\:1.0
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\(Default)\:CheckProduct2Lib
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\flags\(Default)\:0
Registry Data surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\(Default)\:C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\(Default)\:PCheck Class
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\clsid\(Default)\:{FD1A9E6B-05DA-4ca2-830D-654DA1DDBD9E}
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\(Default)\:PCheck Class
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\clsid\(Default)\:{FD1A9E6B-05DA-4ca2-830D-654DA1DDBD9E}
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\curver\(Default)\:PCheck.PCheck.1
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0\win32\(Default)\:C:\Program Files\Common Files\WinSoftware\PrCheck.dll
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\helpdir\(Default)\:C:\Program Files\Common Files\WinSoftware\
Registry Data WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55910916-8B4E-4C1E-9253-CCE296EA71EB}\Compatibility Flags
Registry Value 2nd Thought
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99410CDE-6F16-42CE-9D49-3807F78F0287}\Compatibility Flags
Registry Value 180searchassistant
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32\threadingmodel
Registry Value surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib\version
Registry Value surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5580D6F-0E5F-4BDB-9CDF-F8EE68BEB008}\Compatibility Flags
Registry Value Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58359010-BF36-11D3-99A2-0050DA2EE1BE}\Compatibility Flags
Registry Value Ezula TopText
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}\Compatibility Flags
Registry Value CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19DFB2CB-9B27-11D4-B192-0050DAB79376}\Compatibility Flags
Registry Value EzuLa
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE}\Compatibility Flags
Registry Value 7Fasst
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{55910916-8B4E-4C1E-9253-CCE296EA71EB}
Registry Key 2nd Thought
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{99410CDE-6F16-42CE-9D49-3807F78F0287}
Registry Key 180searchassistant
----------------------------------------
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
Registry Key QuickToolBar
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories\{7dd95801-9882-11cf-9fa9-00aa006c42c4}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\implemented categories\{7dd95802-9882-11cf-9fa9-00aa006c42c4}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\inprocserver32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\progid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\programmable
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\typelib
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\clsid\{fd1a9e6b-05da-4ca2-830d-654da1ddbd9e}\versionindependentprogid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\proxystubclsid32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\interface\{fc0fe3c3-3359-4cf5-a72d-7f361fa0eceb}\typelib
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\0\win32
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\flags
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\typelib\{3bff2ef1-25ba-4342-a1e8-ec1e2cb9f22b}\1.0\helpdir
Registry Key surf sidekick
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{645FD3BC-C314-4F7A-9D2E-64D62A0FDD78}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{65C8C1F5-230E-4DC9-9A0D-F3159A5E7778}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{D5580D6F-0E5F-4BDB-9CDF-F8EE68BEB008}
Registry Key Apropos Media
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck.1\clsid
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\clsid
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\software\classes\pcheck.pcheck\curver
Registry Key WinFixer
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry.1
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry.1\CLSID
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry\CLSID
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SimpleRegistry.Registry\CurVer
Registry Key WhenUSearchBar
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{58359010-BF36-11D3-99A2-0050DA2EE1BE}
Registry Key Ezula TopText
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{1E1B2879-88FF-11D2-8D96-D7ACAC95951F}
Registry Key CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\yourapp.Exe
Registry Key CommonName
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{19DFB2CB-9B27-11D4-B192-0050DAB79376}
Registry Key EzuLa
----------------------------------------
HKEY_LOCAL_MACHINE\Software\Microsoft\IEAK
Registry Key Aornum
----------------------------------------
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{2D6A91CF-37C6-4EB2-A8D8-F65F1DB14ECE}
Registry Key 7Fasst
----------------------------------------
C:\WINDOWS\Q330994.exe
File Aurora
----------------------------------------
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
Folder w32.capside.worm
----------------------------------------
C:\Documents and Settings\Owner\Local Settings\Temp\WinFixer2005Setup.exe
File surf sidekick
----------------------------------------
@EDGE.RU4.COM
Cookie Edge.ru4
----------------------------------------
@QNSR.COM
Cookie SearchTheWeb
----------------------------------------
@SMILEYCENTRAL.COM
Cookie SearchTheWeb
----------------------------------------
@ADS.POINTROLL
Cookie pointroll cookie
----------------------------------------
@ADS.POINTROLL.COM
Cookie PointRoll.com
----------------------------------------
@INSIGHTEXPRESSAI.COM
Cookie IPInsight
----------------------------------------
@WWW.123COUNT.COM
Cookie ILookup
----------------------------------------
@IMRWORLDWIDE.COM/CGI-BIN
Cookie CGI-Bin
----------------------------------------
@STATCOUNTER.COM
Cookie Statcounter
----------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10/29/2005
Windows XP Home Edition
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext
Registry Key QuickToolBar
----------------------------------------
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10/29/2005
Windows XP Home Edition
: Database Version: 5.4
: Product Version: 8.8
: <Start Export Log>
: - Windows XP Home Edition
Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Main,Start Page http://www.microsoft...B_PVER}&ar=home
Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL http://www.microsoft...er=6&ar=msnhome
Internet Explorer :R0 : HKCU\Software\Microsoft\Internet Explorer\Main,Start Page http://www.yahoo.com/
Internet Explorer :R0 : HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant http://ie.search.msn...st/srchasst.htm
Internet Explorer :R1 : HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch http://ie.search.msn...st/srchcust.htm
Internet Explorer :R1 : HKCU\Software\Microsoft\Internet Explorer\Main,Search Page http://www.microsoft...=ie&ar=iesearch
Internet Explorer :R1 : HKLM\Software\Microsoft\Internet Explorer\Main,Search Page http://www.microsoft...=ie&ar=iesearch
Internet Explorer :R1 : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel Not Present
Internet Explorer :R1 : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,(ProxyOverride) localhost
BHO :O2 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} C:\Program Files\Yahoo!\Common\yiesrvc.dll
BHO :O2 : {437B70A9-36E9-47EE-A955-CBEF08ED3542} C:\Program Files\Max PC Secure\MaxPopupSmasher\PopupSmasher.dll
BHO :O2 : {9ECB9560-04F9-4bbc-943D-298DDF1699E1} C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
BHO :O2 : {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
BHO :O2 : {8DBF02DA-4360-4A7E-BEA1-347B87816327} C:\WINDOWS\system32\mljge.dll
BHO :O2 : {65D886A2-7CA7-479B-BB95-14D1EFB7946A} C:\Program Files\Yahoo!\Common\YIeTagBm.dll
BHO :O2 : {BDF3E430-B101-42AD-A544-FADC6B084872} C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
BHO :O2 : {53707962-6F74-2D53-2644-206D7942484F} C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKCU - Run :O4 : MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
HKCU - Run :O4 : RecordNow!
HKCU - Run :O4 : Yahoo! Pager C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
HKCU - Run :O4 : AOLCC "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
HKCU - Run :O4 : Eyeball Chat "C:\Program Files\Eyeball\Eyeball Chat\EyeballChat.exe" -min
HKLM - Run :O4 : KernelFaultCheck %systemroot%\system32\dumprep 0 -k
HKLM - Run :O4 : SystemTraySD C:\WINDOWS\system32\SDSystemTray.exe
HKLM - Run :O4 : HostManager C:\Program Files\Common Files\AOL\1111906512\ee\AOLSoftware.exe
HKLM - Run :O4 : SDMONITOR C:\WINDOWS\system32\SDMonitor.exe
HKLM - Run :O4 : REGSHAVE C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
HKLM - Run :O4 : SystemTraySecure C:\WINDOWS\system32\MaxSecureTray.exe
HKLM - Run :O4 : MonitorSD C:\Program Files\Max PC Secure\MaxSpyDetector\SDMonitor.exe #FROMDLG
HKLM - Run :O4 : ProxyChecker C:\Program Files\Max PC Secure\MaxSecureAnnonySurf\CheckProxy.exe
HKLM - Run :O4 : ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
HKLM - Run :O4 : TkBellExe "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
HKLM - Run :O4 : QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
HKLM - Run :O4 : SDAutoScan "C:\Program Files\Max PC Secure\MaxSpyDetector\SpywareDetector.exe" -AUTOSCAN
HKLM - Run :O4 : URLLSTCK.exe C:\Program Files\Norton Internet Security\UrlLstCk.exe
Global startup :O4 : C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini
Startup :O4 : C:\Documents and Settings\Owner\Start Menu\Programs\Startup\desktop.ini
Startup :O4 : C:\Documents and Settings\Owner\Start Menu\Programs\Startup\spamsubtract.lnk C:\Program Files\interMute\SpamSubtract\SpamSub.exe
IE Options Restriction :O6 : HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions Not Present
Extra context menu item :O8 : E&xport to Microsoft Excel res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
Extra context menu item :O8 : Yahoo! &Maps file:///C:\Program Files\Yahoo!\Common/ycmap.htm
Extra context menu item :O8 : Yahoo! &Dictionary file:///C:\Program Files\Yahoo!\Common/ycdict.htm
Extra context menu item :O8 : &AOL Toolbar search res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
Extra context menu item :O8 : Yahoo! &SMS file:///C:\Program Files\Yahoo!\Common/ycsms.htm
Extra context menu item :O8 : &Yahoo! Search file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
Extra Button :O9 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} Yahoo! Services - C:\Program Files\Yahoo!\Common\yiesrvc.dll
Extra Menu :O9 : {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
Extra Menu :O9 : {4982D40A-C53B-4615-B15B-B5B5E98D167C} {4982D40A-C53B-4615-B15B-B5B5E98D167C}
Extra Menu :O9 : CmdMapping CmdMapping
Extra Menu :O9 : {FB5F1910-F110-11d2-BB9E-00C04F795683} {FB5F1910-F110-11d2-BB9E-00C04F795683}
Extra Menu :O9 : {92780B25-18CC-41C8-B9BE-3C9C571A8263} {92780B25-18CC-41C8-B9BE-3C9C571A8263}
Winsock :O10 : 000000000001 %SystemRoot%\System32\mswsock.dll
Winsock :O10 : 000000000002 %SystemRoot%\System32\winrnr.dll
Winsock :O10 : 000000000003 %SystemRoot%\System32\mswsock.dll
Advance Option :O11 : CRYPTO Security
Advance Option :O11 : SEARCHING Search from the Address bar
Advance Option :O11 : HTTP HTTP 1.1 settings
Advance Option :O11 : PRINT Printing
Advance Option :O11 : JAVA_VM
Advance Option :O11 : ACCESSIBILITY Accessibility
Advance Option :O11 : BROWSE Browsing
Advance Option :O11 : MULTIMEDIA Multimedia
IERESET.INF :O14 : START_PAGE_URL http://www.microsoft...er=6&ar=msnhome
Activex :O16 : QDiagAOLCCUpdateObj Class - {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} C:\WINDOWS\system32\qdiagcc.ocx - http://aolcc.aol.com...kup/qdiagcc.cab
Activex :O16 : Yahoo! Webcam Upload Wrapper - {8714912E-380D-11D5-B8AA-00D0B78F3D48} C:\WINDOWS\Downloaded Program Files\CONFLICT.1\yuplapp.dll - http://chat.yahoo.com/cab/yuplapp.cab
Activex :O16 : YInstStarter Class - {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll - C:\Program Files\Yahoo!\Common\yinsthelper.dll
Activex :O16 : Java Plug-in 1.4.2 - {8AD9C840-044E-11D1-B3E9-00805F499D93} C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll - http://java.sun.com/...indows-i586.cab
Activex :O16 : Java Plug-in 1.4.2 - {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll - http://java.sun.com/...indows-i586.cab
Activex :O16 : Yahoo! Webcam Viewer Wrapper - {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} C:\WINDOWS\Downloaded Program Files\yvwrctl.dll - http://chat.yahoo.com/cab/yvwrctl.cab
Protocol Filter :O18 : application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - %SystemRoot%\system32\SHELL32.dll
Protocol Filter :O18 : Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll
Protocol Filter :O18 : text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
Protocol Filter :O18 : deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
Protocol Filter :O18 : lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : msdaipp
Protocol Handler :O18 : mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - %SystemRoot%\System32\inetcomm.dll
Protocol Handler :O18 : tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll
Protocol Handler :O18 : mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\System32\ITSS.DLL
Protocol Handler :O18 : ipp
Protocol Handler :O18 : local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
Protocol Handler :O18 : http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\System32\wiascr.dll
Protocol Handler :O18 : res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : sysimage {76E67A63-06E9-11D2-A840-006008059382} - %SystemRoot%\System32\mshtml.dll
Protocol Handler :O18 : ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - c:\WINDOWS\System32\ITSS.DLL
Protocol Handler :O18 : gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll
Protocol Handler :O18 : mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll
Protocol Handler :O18 : vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - %SystemRoot%\System32\mshtml.dll
SSODL :O21 : {35CEC8A3-2BE6-11D2-8773-92E220524153} SysTray - C:\WINDOWS\System32\stobject.dll
SSODL :O21 : {7849596a-48ea-486e-8937-a2a3009f31a9} PostBootReminder - %SystemRoot%\system32\SHELL32.dll
SSODL :O21 : {E6FB5E20-DE35-11CF-9C87-00AA005127ED} WebCheck - %SystemRoot%\System32\webcheck.dll
SSODL :O21 : {fbeb8a05-beee-4442-804e-409d6c4515e9} CDBurn - %SystemRoot%\system32\SHELL32.dll
SharedTaskScheduler :O22 : Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} (No File)
SharedTaskScheduler :O22 : Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} (No File)
Services :O23 : WZCSVC %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : WebClient %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : viaagp1 System32\DRIVERS\viaagp1.sys
Services :O23 : VgaSave \SystemRoot\System32\drivers\vga.sys
Services :O23 : upnphost %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : SymWSC C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Services :O23 : SYMIDS \SystemRoot\System32\Drivers\SYMIDS.SYS
Services :O23 : SLIP System32\DRIVERS\SLIP.sys
Services :O23 : RasAcd System32\DRIVERS\rasacd.sys
Services :O23 : Netlogon %SystemRoot%\System32\lsass.exe
Services :O23 : mouhid System32\DRIVERS\mouhid.sys
Services :O23 : ERSvc %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : CryptSvc %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : BridgeMP System32\DRIVERS\bridge.sys
Services :O23 : WS2IFSL \SystemRoot\System32\drivers\ws2ifsl.sys
Services :O23 : wanatw System32\DRIVERS\wanatw4.sys
Services :O23 : VSS %SystemRoot%\System32\vssvc.exe
Services :O23 : usbhub System32\DRIVERS\usbhub.sys
Services :O23 : TrkWks %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : SYMTDI \SystemRoot\System32\Drivers\SYMTDI.SYS
Services :O23 : ShellHWDetection %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : ScsiPort %SystemRoot%\system32\drivers\scsiport.sys
Services :O23 : S3Psddr System32\DRIVERS\s3gnbm.sys
Services :O23 : Raspti System32\DRIVERS\raspti.sys
Services :O23 : PptpMiniport System32\DRIVERS\raspptp.sys
Services :O23 : PCI System32\DRIVERS\pci.sys
Services :O23 : nv_agp System32\DRIVERS\nv_agp.sys
Services :O23 : NetDDEdsdm %SystemRoot%\system32\netdde.exe
Services :O23 : MSIServer C:\WINDOWS\system32\msiexec.exe /V
Services :O23 : HidUsb System32\DRIVERS\hidusb.sys
Services :O23 : Fdc System32\DRIVERS\fdc.sys
Services :O23 : fasttx2k System32\DRIVERS\fasttx2k.sys
Services :O23 : Eventlog %SystemRoot%\system32\services.exe
Services :O23 : DMusic system32\drivers\DMusic.sys
Services :O23 : DcomLaunch %SystemRoot%\system32\svchost -k DcomLaunch
Services :O23 : COMSysApp C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
Services :O23 : ClipSrv %SystemRoot%\system32\clipsrv.exe
Services :O23 : Browser %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : ALCXSENS system32\drivers\ALCXSENS.SYS
Services :O23 : wdmaud system32\drivers\wdmaud.sys
Services :O23 : Tcpip System32\DRIVERS\tcpip.sys
Services :O23 : symlcbrd \??\C:\WINDOWS\system32\drivers\symlcbrd.sys
Services :O23 : SYMDNS \SystemRoot\System32\Drivers\SYMDNS.SYS
Services :O23 : Sunkfiltp \??\C:\WINDOWS\System32\Drivers\sunkfiltp.sys
Services :O23 : Srv System32\DRIVERS\srv.sys
Services :O23 : Schedule %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : rtl8139 System32\DRIVERS\R8139n51.SYS
Services :O23 : redbook System32\DRIVERS\redbook.sys
Services :O23 : ProtectedStorage %SystemRoot%\system32\lsass.exe
Services :O23 : PolicyAgent %SystemRoot%\System32\lsass.exe
Services :O23 : ohci1394 System32\DRIVERS\ohci1394.sys
Services :O23 : NtLmSsp %SystemRoot%\System32\lsass.exe
Services :O23 : navapsvc "C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe"
Services :O23 : MSPQM system32\drivers\MSPQM.sys
Services :O23 : LmHosts %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : Kbdclass System32\DRIVERS\kbdclass.sys
Services :O23 : ewido security suite driver \??\C:\Documents and Settings\Owner\Desktop\security suite\guard.sys
Services :O23 : AsyncMac System32\DRIVERS\asyncmac.sys
Services :O23 : AmdK7 System32\DRIVERS\amdk7.sys
Services :O23 : Alerter %SystemRoot%\System32\svchost.exe -k LocalService
Services :O23 : UPS %SystemRoot%\System32\ups.exe
Services :O23 : SYMFW \SystemRoot\System32\Drivers\SYMFW.SYS
Services :O23 : streamip System32\DRIVERS\StreamIP.sys
Services :O23 : srservice %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Serial System32\DRIVERS\serial.sys
Services :O23 : SCardSvr %SystemRoot%\System32\SCardSvr.exe
Services :O23 : RasAuto %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : NwlnkFlt System32\DRIVERS\nwlnkflt.sys
Services :O23 : NVXBAR System32\DRIVERS\NVxbar.sys
Services :O23 : ISSVC "C:\Program Files\Norton Internet Security\ISSVC.exe"
Services :O23 : intelppm System32\DRIVERS\intelppm.sys
Services :O23 : Imapi System32\DRIVERS\imapi.sys
Services :O23 : drmkaud system32\drivers\drmkaud.sys
Services :O23 : dmadmin %SystemRoot%\System32\dmadmin.exe /com
Services :O23 : atapi System32\DRIVERS\atapi.sys
Services :O23 : {6080A529-897E-4629-A488-ABA0C29B635E} system32\drivers\ialmsbw.sys
Services :O23 : winmgmt %systemroot%\system32\svchost.exe -k netsvcs
Services :O23 : TapiSrv %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : swmidi system32\drivers\swmidi.sys
Services :O23 : swenum System32\DRIVERS\swenum.sys
Services :O23 : SPBBCDrv \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
Services :O23 : Serenum System32\DRIVERS\serenum.sys
Services :O23 : seclogon %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : SBService C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
Services :O23 : SAVRT \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS
Services :O23 : Ptilink System32\DRIVERS\ptilink.sys
Services :O23 : PlugPlay %SystemRoot%\system32\services.exe
Services :O23 : nvcap System32\DRIVERS\nvcap.sys
Services :O23 : mnmsrvc C:\WINDOWS\System32\mnmsrvc.exe
Services :O23 : ltmodem5 System32\DRIVERS\ltmdmnt.sys
Services :O23 : ewido security suite control C:\Documents and Settings\Owner\Desktop\security suite\ewidoctrl.exe
Services :O23 : W32Time %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : usbehci System32\DRIVERS\usbehci.sys
Services :O23 : usbccgp System32\DRIVERS\usbccgp.sys
Services :O23 : splitter system32\drivers\splitter.sys
Services :O23 : SharedAccess %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : SAVRTPEL \??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS
Services :O23 : RDSessMgr C:\WINDOWS\system32\sessmgr.exe
Services :O23 : PCIIde \SystemRoot\System32\DRIVERS\pciide.sys
Services :O23 : NVSvc %SystemRoot%\System32\nvsvc32.exe
Services :O23 : NdisIP System32\DRIVERS\NdisIP.sys
Services :O23 : xmlprov %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : usbuhci System32\DRIVERS\usbuhci.sys
Services :O23 : sysaudio system32\drivers\sysaudio.sys
Services :O23 : Secdrv System32\DRIVERS\secdrv.sys
Services :O23 : SAVScan "C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe"
Services :O23 : RpcLocator %SystemRoot%\System32\locator.exe
Services :O23 : PxHelp20 System32\DRIVERS\PxHelp20.sys
Services :O23 : Processor System32\DRIVERS\processr.sys
Services :O23 : Parport System32\DRIVERS\parport.sys
Services :O23 : Mouclass System32\DRIVERS\mouclass.sys
Services :O23 : kbdhid System32\DRIVERS\kbdhid.sys
Services :O23 : IPSec System32\DRIVERS\ipsec.sys
Services :O23 : dmserver %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : BITS %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Arp1394 System32\DRIVERS\arp1394.sys
Services :O23 : AOL ACS "C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe"
Services :O23 : RDPCDD System32\DRIVERS\RDPCDD.sys
Services :O23 : RasMan %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : PSched System32\DRIVERS\psched.sys
Services :O23 : pfc system32\drivers\pfc.sys
Services :O23 : IpNat System32\DRIVERS\ipnat.sys
Services :O23 : Gpc System32\DRIVERS\msgpc.sys
Services :O23 : Bridge System32\DRIVERS\bridge.sys
Services :O23 : WmdmPmSN %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Themes %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : stisvc %SystemRoot%\System32\svchost.exe -k imgsvc
Services :O23 : SENS %SystemRoot%\system32\svchost.exe -k netsvcs
Services :O23 : SamSs %SystemRoot%\system32\lsass.exe
Services :O23 : nv System32\DRIVERS\nv4_mini.sys
Services :O23 : MRxSmb System32\DRIVERS\mrxsmb.sys
Services :O23 : MRxDAV System32\DRIVERS\mrxdav.sys
Services :O23 : lanmanserver %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : HTTP System32\Drivers\HTTP.sys
Services :O23 : Fax %systemroot%\system32\fxssvc.exe
Services :O23 : Atmarpc System32\DRIVERS\atmarpc.sys
Services :O23 : wscsvc %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : Update System32\DRIVERS\update.sys
Services :O23 : SNDSrvc "C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe"
Services :O23 : RemoteAccess %SystemRoot%\System32\svchost.exe -k netsvcs
Services :O23 : NetBT System32\DRIVERS\netbt.sys
Services :O23 : Ftdisk System32\DRIVERS\ftdisk.sys
Services :O23 : EventSystem C:\WINDOWS\System32\svchost.exe -k netsvcs
Services :O23 : CiSvc %SystemRoot%\system32\cisvc.exe
Services :O23 : CCDECODE System32\DRIVERS\CCDECODE.sys
Services :O23 : ALG %SystemRoot%\System32\alg.exe
Services :O23 : WmXlCore system32\drivers\WmXlCore.sys
Services :O23 : viagfx System32\DRIVERS\vtmini.sys
Services :O23 : NwlnkFwd System32\DRIVERS\nwlnkfwd.sys
Services :O23 : netwg311 System32\DRIVERS\netwg311.sys
Services :O23 : NetDDE %SystemRoot%\system32\netdde.exe
Services :O23 : NdisWan System32\DRIVERS\ndiswan.sys
Services :O23 : NAV Alert C:\PROGRA~1\Navnt\alertsvc.exe
Services :O23 : MSTEE s