No system restore. Antivirus pop ups & desktop tray pop ups

wisenheimer

Okay today I decided to really do some research on what's wrong with my computer. I got rid of the little gray square that pops up from the bottom right corner every 5 minutes saying "Your computer is infected! Critical system error!" and another pop up from the corner that's a yellow triangle and gives a message as if it is actually the system. All of this was taken care of with Spybot, and when I tried to run Lavasoft's Ad-Aware SE Personal the computer popped up something like System Shutdown. It gave a timer to save open work then shut down. I tried it a second time but the computer was off when I came downstairs. I still get internet pop ups telling me to download a variety of antivirus programs. I did a scan and log with HijackThis because in the various attempts at getting help I've seen this many times.

**Whenever I try to run REGEDIT, a pop up dialogue box says:

C:\Windows\system32\REGEDIT.COM
The NTVDM CPU has encountered an illegal instruction.
CS:054f IP:0102 OP:ff ff 83 3e 51 Choose 'Close' to terminate the application.

It leaves you the choices of Close or Ignore. Neither button does anything.

**When I tried to run System Restore with run and some command that I found on the net it said this:

System Restore has been turned off by group policy.




Here's my HijackThis log. The internet I use is AOL Explorer with Optimum Online Cable.


Logfile of HijackThis v1.99.1
Scan saved at 8:07:08 PM, on 8/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLHostManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\73305db.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\WINDOWS\system32\apbzk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLServiceHost.exe
C:\WINDOWS\system32\l3jdfs.exe
C:\WINDOWS\system32\y3aqsoepa.exe
C:\WINDOWS\system32\afdaqd3.exe
C:\WINDOWS\system32\vp1i4.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLServiceHost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLServiceHost.exe
C:\Documents and Settings\STEVE\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trustyhound.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - _{707E6F76-9FFB-4920-A976-EA101271BC25} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F2 - REG:system.ini: Shell=Explorer.exe,
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cehwlom.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - (no file)
O3 - Toolbar: (no name) - {BDF6CE3D-F5C5-4462-9814-3C8EAC330CA8} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll
O3 - Toolbar: (no name) - {12EE7A5E-0674-42f9-A76B-000000004D00} - (no file)
O3 - Toolbar: (no name) - {5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} - (no file)
O3 - Toolbar: (no name) - {52FE5233-367C-4EFB-BDD7-0BE4D212C107} - (no file)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [dacrxg] C:\WINDOWS\System32\rftbbkf.exe
O4 - HKLM\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdRoarUpdate] C:\WINDOWS\ARUpdate.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [oenxsu] C:\WINDOWS\system32\iercvcg.exe r
O4 - HKLM\..\Run: [txissle] C:\WINDOWS\system32\lfjlrfm.exe r
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124339193\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [73305db.exe] C:\WINDOWS\system32\73305db.exe
O4 - HKLM\..\Run: [wGzyM6F48] C:\WINDOWS\system32\apbzk.exe
O4 - HKLM\..\Run: [epy9J] "C:\WINDOWS\system32\l3jdfs.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\RunServices: [WinProfile] sndcfg16.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [zSearch] C:\Program Files\zSearch\Zstb.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [73305db.exe] C:\Documents and Settings\STEVE\Local Settings\Application Data\73305db.exe
O4 - HKCU\..\Run: [wnuic] C:\WINDOWS\system32\bajpbj.exe reg_run
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: MyWebSearch Email Plugin.lnk = C:\Program Files\MyWebSearch\bar\2.bin\MWSOEMON.EXE
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZNxdm006YYUS
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar3.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} (YazzleActiveX Control) - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {BA685A19-A28D-4241-B68A-FDE428C7B44E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} (MNPerformer Class) - http://art.towerrecords.com/performer/PerformerSetup.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: GEDZAC Service (GEDZAC LABS) - Unknown owner - C:\WINDOWS\system32\UNAPLOGARP.SCR (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)

I will not be in to check this until Tuesday but please help.
 
C:\WINDOWS\System32\Svchost.exe problems

I previously posted a log file but it was more than 7 pages ago, left unanswered, so it is no longer on the site. At that time my registry editing was not working. I couldn't run regedit or regedit.exe without getting an error message. My newest problems are that I can't view a lot of images on the web without it being a little red x. When I right click and click 'Show Picture' it shows 3 shapes that are red, blue and green. When I start my computer every time it shows 4 error messages. 2 of them are the same ones over again. One is

C:\WINDOWS\System32\Scvhost.exe
Windows cannot find 'C:\WINDOWS\System32\Scvhost.exe'. Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.

and the other

Desktop
Could not load or run 'C:\WINDOWS\System32\Scvhost.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.

I have recently run and completed a McAfee Virus Scan, a SpyBot Scan, an Ad-Aware Scan and a RegScrubXP Scan. My internet browser is AOL Explorer. My IE Version is 6.0.2900.....




Logfile of HijackThis v1.99.1
Scan saved at 8:55:02 AM, on 8/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\73305db.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\{B4B02FDF-095A-1033-0721-030718030001}\Update.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
c:\program files\common files\aol\1124339193\ee\aexplore.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://webmail.optonline.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.238.43.125:8100
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cehwlom.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {15BF9F3F-2FDC-2551-868C-204043E1FC97} - (no file)
O2 - BHO: (no name) - {2592AF36-029E-1361-ABB8-636D76D9D1AE} - (no file)
O2 - BHO: (no name) - {268B99C9-6C33-23CF-5743-0C9B392FDDF4} - (no file)
O2 - BHO: (no name) - {29401FB2-7814-4074-9F48-BB20680D1861} - (no file)
O2 - BHO: (no name) - {39D5337C-C739-0DEA-8056-175508AE2812} - (no file)
O2 - BHO: (no name) - {3B8E302D-C261-59B7-D154-175508A02E49} - (no file)
O2 - BHO: (no name) - {4541A1B2-BBC4-4ED0-9269-46D9CADE209F} - (no file)
O2 - BHO: (no name) - {4DE1205B-3CF0-4A15-353F-2011F6A2C0D4} - (no file)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: (no name) - {85745D40-B1F6-EE72-FE2D-BFC9DBC86F99} - (no file)
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [73305db.exe] C:\WINDOWS\system32\73305db.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [73305db.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\73305db.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/YazzleActiveX.cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O16 - DPF: {BA685A19-A28D-4241-B68A-FDE428C7B44E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} (MNPerformer Class) - http://art.towerrecords.com/performer/PerformerSetup.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: cbxyxwx - cbxyxwx.dll (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7167656.dll (file missing)
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: GEDZAC Service (GEDZAC LABS) - Unknown owner - C:\WINDOWS\system32\UNAPLOGARP.SCR (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Windows Firewall/Internet Connection Sharing (ICS) (SharedAccess) - Unknown owner - C:\WINDOWS\C:\WINDOWS\System32\svchost.exe (file missing)
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WinTools for IE service (WinToolsSvc) - Unknown owner - C:\Program Files\Common Files\WinTools\WToolsS.exe (file missing)
 
I've noticed in my log that SurfSideKick is there and it keeps coming up every time I use SpyBot, and I can't go to the file and delete it because it is running all the time. My AV catches it at start up but I can't delete it.
 
Okay so I don't know how but system restore is back, but it won't let me go back to last month or any previous months, and when I checked the settings it was on 12%. Another thing I noticed today is that flash doesn't work on my computer. I tried uninstalling it with the uninstaller on the website but it stops at 93% unless I end the process KILLBR~1.exe. I try installing the latest version but instead of a message that says installation successful it shows 2 short black lines like quotes (") in the upper left hand corner of where the message should be.
 
Post a combofix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply and half in another.
 
Thank you for helping. Here it is.

Start Time= Fri 08/11/2006 21:15:09.84
Running from: C:\Documents and Settings\Matt\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Alexis\Application Data\Sskknwrd.dll.ren
C:\Documents and Settings\Alexis\Local Settings\Temporary Internet Files\Ssk.log.ren
C:\Documents and Settings\Jaclyn\Application Data\Sskcwrd.dll.ren
C:\Documents and Settings\Jaclyn\Application Data\Sskknwrd.dll.ren
C:\Documents and Settings\Jaclyn\Local Settings\Temporary Internet Files\Ssk.log.ren
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Ssk.log.ren
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\WINDOWS\Prefetch\SSK.EXE-20EC298C.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Ssk.log.ren

21:33:55.26
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-11 11:57:20 ( .D... ) "C:\Program Files\Common Files\Java"
2006-08-09 14:24:28 ( .D... ) "C:\Program Files\RegScrubXP"
2006-08-09 13:24:24 ( .D... ) "C:\Program Files\Common Files\aolshare"
2006-08-09 09:30:16 ( .D... ) "C:\Program Files\Common Files\kqmw"
2006-08-08 18:10:20 0 ( A.... ) "C:\loaded.exe"
2006-08-04 15:01:44 ( .D... ) "C:\Program Files\Lavasoft"
2006-08-03 16:54:10 341 ( A.... ) "C:\WINDOWS\yupvr.dll"
2006-08-02 04:54:38 ( .D... ) "C:\Program Files\Safety Bar"
2006-08-01 21:24:22 14848 ( A.... ) "C:\WINDOWS\system32\cool.exe"
2006-07-29 15:37:54 70656 ( A.... ) "C:\WINDOWS\system32\btpanuib.dll"
2006-07-29 15:37:52 69632 ( A.... ) "C:\WINDOWS\system32\compstuid.dll"
2006-07-29 10:02:46 32208 ( ..SH. ) "C:\Program Files\Common Files\Y1304OU.exe"
2006-07-29 10:01:20 36864 ( A.... ) "C:\WINDOWS\system32y3aqsoepa.exe"
2006-07-29 10:01:20 0 ( A.... ) "C:\WINDOWS\system32cymmh.exe"
2006-07-29 10:01:06 36864 ( A.... ) "C:\WINDOWS\system32\y3aqsoepa.exe"
2006-07-29 10:01:06 28672 ( A.... ) "C:\WINDOWS\system32\cymmh.exe"
2006-07-29 10:00:58 221184 ( A.... ) "C:\WINDOWS\system32\vf1v62x.dll"
2006-07-28 10:47:30 176128 ( A.... ) "C:\WINDOWS\system32\pgqbwa.dll"
2006-07-27 10:49:30 20992 ( A.... ) "C:\WINDOWS\system32\73305db.exe"
2006-07-27 10:46:26 ( .D... ) "C:\Documents and Settings\Matt\Application Data\S?mantec"
2006-07-27 10:45:56 ( .D... ) "C:\Program Files\Common Files\{B4B02FDF-095A-1033-0721-030718030001}"
2006-07-27 09:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-26 22:52:22 1024 ( A.... ) "C:\Documents and Settings\Matt\Application Data\WavCodec.wff"
2006-07-24 15:31:12 36864 ( A.... ) "C:\WINDOWS\system32\vp1i4.exe"
2006-07-24 12:06:30 178 ( A.... ) "C:\WINDOWS\system32\del32.bat"
2006-07-24 08:58:08 ( .D... ) "C:\Program Files\Steinberg"
2006-07-24 08:57:16 ( .D... ) "C:\Program Files\FLStudio4"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 04:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-19 23:17:12 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Talkback"
2006-07-19 23:15:52 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Mozilla"
2006-07-16 11:53:04 ( .D... ) "C:\Program Files\D-Tools"
2006-07-14 11:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 09:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-12 10:19:30 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Lavasoft"
2006-07-10 19:45:46 ( .D... ) "C:\Program Files\Common Files\NSIS"
2006-07-05 22:00:48 ( .D... ) "C:\Program Files\Arcade!"
2006-07-05 13:52:56 25 ( A.... ) "C:\WINDOWS\SW_Win2000X48.DLL"
2006-07-05 06:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-04 13:32:10 ( .D... ) "C:\Program Files\AOL Pictures"
2006-06-28 10:37:20 ( .D... ) "C:\Documents and Settings\Matt\Application Data\uTorrent"
2006-06-27 15:45:06 ( .D... ) "C:\Program Files\Kodak"
2006-06-27 09:17:04 ( .D... ) "C:\Documents and Settings\Matt\Application Data\InterVideo"
2006-06-27 09:11:42 ( .D... ) "C:\Program Files\InterVideo Information Service"
2006-06-27 09:08:00 ( .D... ) "C:\Program Files\Common Files\InterVideo"
2006-06-26 13:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 13:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 23:15:18 ( .D... ) "C:\Program Files\DivX"
2006-06-14 13:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-13 16:32:34 ( .D... ) "C:\Program Files\AviSynth 2.5"
2006-06-13 16:26:12 ( .D... ) "C:\Program Files\Pure Motion"
2006-06-13 16:26:04 ( .D... ) "C:\Program Files\Sonic Foundry"
2006-06-13 16:25:46 ( .D... ) "C:\Program Files\DebugMode"
2006-05-24 18:48:04 109568 ( A.... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-05-24 18:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-24 18:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-07-18 20:04:14 10822 ( A.... ) "C:\Program Files\Uninst.isu"
2005-07-18 20:03:44 1429 ( A.... ) "C:\Program Files\Uninstall the iDEN WebJAL.lnk"
2004-07-07 08:58:34 11108 ( A.... ) "C:\Program Files\GMV EULA Extended Speech_V1.txt"
2004-05-13 09:47:18 2992 ( A.... ) "C:\Program Files\Readme.txt"
2004-05-13 09:47:08 11 ( A.... ) "C:\Program Files\ver.ini"
2004-04-29 11:30:18 966656 ( A.... ) "C:\Program Files\WebJAL.exe"
2004-04-28 10:03:16 102400 ( A.... ) "C:\Program Files\IUSB.dll"
2004-03-19 15:43:30 1399891 ( A.... ) "C:\Program Files\SilentInstallUSBDrivers.exe"
2003-12-17 14:54:34 103015 ( A.... ) "C:\Program Files\GMV EULA Extended Speech_V1.pdf"
2003-09-11 14:48:40 77824 ( A.... ) "C:\Program Files\iplcomm.dll"
2003-02-19 18:01:26 195160 ( A.... ) "C:\Program Files\White Paper - What's A Personality Worth .pdf"
2003-02-19 18:01:06 93984 ( A.... ) "C:\Program Files\White Paper - Voice Branding for the Enterprise.pdf"
2003-02-12 15:53:58 28672 ( A.... ) "C:\Program Files\iulcomm.dll"
2003-01-29 11:05:18 32768 ( A.... ) "C:\Program Files\HUSBcomm.dll"
2003-01-22 10:12:18 73728 ( A.... ) "C:\Program Files\iDEN_PST.DLL"
2002-12-18 12:56:30 147456 ( A.... ) "C:\Program Files\JALCOMM.dll"
2002-12-09 10:58:22 49152 ( A.... ) "C:\Program Files\iUSBMon.dll"
2002-09-27 13:06:46 94208 ( A.... ) "C:\Program Files\ISL_IFL.dll"
2002-08-16 09:03:54 24576 ( A.... ) "C:\Program Files\USBCheck.dll"
2000-10-16 09:38:00 53248 ( A.... ) "C:\Program Files\mzip.dll"
 
(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-11 11:58 49,250 C:\WINDOWS\system32\javaw.exe
2006-08-11 11:58 49,248 C:\WINDOWS\system32\java.exe
2006-08-11 11:58 127,078 C:\WINDOWS\system32\javaws.exe
2006-08-09 09:30 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-08-04 19:55 266,360 C:\WINDOWS\system32\TweakUI.exe
2006-08-04 13:06 402,653,184 C:\pagefile.sys
2006-07-29 19:00 0 C:\loaded.exe
2006-07-29 15:37 70,656 C:\WINDOWS\system32\btpanuib.dll
2006-07-29 15:37 69,632 C:\WINDOWS\system32\compstuid.dll
2006-07-29 10:01 36,864 C:\WINDOWS\system32y3aqsoepa.exe
2006-07-29 10:01 36,864 C:\WINDOWS\system32\y3aqsoepa.exe
2006-07-29 10:01 28,672 C:\WINDOWS\system32\cymmh.exe
2006-07-29 10:01 0 C:\WINDOWS\system32cymmh.exe
2006-07-29 10:00 36,864 C:\WINDOWS\system32\vp1i4.exe
2006-07-29 10:00 341 C:\WINDOWS\yupvr.dll
2006-07-29 10:00 221,184 C:\WINDOWS\system32\vf1v62x.dll
2006-07-29 08:52 176,128 C:\WINDOWS\system32\pgqbwa.dll
2006-07-28 11:46 14,848 C:\WINDOWS\system32\cool.exe
2006-07-27 10:49 20,992 C:\WINDOWS\system32\73305db.exe
2006-07-24 11:50 178 C:\WINDOWS\system32\del32.bat
2006-07-07 15:55 195,584 C:\WINDOWS\system32\XVoice.dll
2006-07-07 15:55 190,464 C:\WINDOWS\system32\landplot.dll
2006-07-07 15:55 173,056 C:\WINDOWS\system32\Vtext.dll
2006-07-05 13:52 25 C:\WINDOWS\SW_Win2000X48.DLL
2006-06-27 16:01 5,632 C:\WINDOWS\system32\ptpusb.dll
2006-06-27 16:01 159,232 C:\WINDOWS\system32\ptpusd.dll
2006-06-27 09:07 204,800 C:\WINDOWS\system32\IVIresizeW7.dll
2006-06-27 09:07 200,704 C:\WINDOWS\system32\IVIresizeA6.dll
2006-06-27 09:07 20,480 C:\WINDOWS\system32\IVIresize.dll
2006-06-27 09:07 192,512 C:\WINDOWS\system32\IVIresizeP6.dll
2006-06-27 09:07 192,512 C:\WINDOWS\system32\IVIresizeM6.dll
2006-06-27 09:07 188,416 C:\WINDOWS\system32\IVIresizePX.dll
 
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Optimum Online"="C:\\Program Files\\Optimum Online\\Netsurf.exe -tray"
"VSOCheckTask"="\"C:\\PROGRA~1\\McAfee.com\\VSO\\mcmnhdlr.exe\" /checktask"
"VirusScan Online"="C:\\Program Files\\McAfee.com\\VSO\\mcvsshld.exe"
"MCAgentExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"MCUpdateExe"="C:\\PROGRA~1\\mcafee.com\\agent\\McUpdate.exe"
"BCMSMMSG"="BCMSMMSG.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"UserFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,65,\
6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,75,00
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"OASClnt"="C:\\Program Files\\McAfee.com\\VSO\\oasclnt.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1124339193\\ee\\AOLSoftware.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"Dell AIO Printer A920"="\"C:\\Program Files\\Dell AIO Printer A920\\dlbkbmgr.exe\""
"MimBoot"="C:\\PROGRA~1\\MUSICM~1\\MUSICM~1\\mimboot.exe"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"73305db.exe"="C:\\WINDOWS\\system32\\73305db.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NVMCTRAY.DLL,NvTaskbarInit"
"73305db.exe"="C:\\Documents and Settings\\Matt\\Local Settings\\Application Data\\73305db.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoCDBurning"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{B4B02FDF-095A-1033-0721-030718030001}"="\"C:\\Program Files\\Common Files\\{B4B02FDF-095A-1033-0721-030718030001}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\41]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,00,00,3a,\
04,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,00
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\5]
"Source"="http://newyork.yankees.mlb.com/images/players/action/ph_121347.jpg"
"SubscribedURL"="http://newyork.yankees.mlb.com/images/players/action/ph_121347.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,85,00,00,00,bf,00,00,00,87,00,00,00,f2,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,dc,02,00,00,59,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,88,05,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,98,8f,b3,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\6]
"Source"="http://chicago.whitesox.mlb.com/images/players/action/ph_123245.jpg"
"SubscribedURL"="http://chicago.whitesox.mlb.com/images/players/action/ph_123245.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,80,02,00,00,87,00,00,00,bf,00,00,00,87,00,00,00,f4,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,00,00,00,3d,01,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,8e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,98,8f,b3,06

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\7]
"Source"="http://tampabay.devilrays.mlb.com/images/players/action/ph_408307.jpg"
"SubscribedURL"="http://tampabay.devilrays.mlb.com/images/players/action/ph_408307.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,c3,01,00,00,85,00,00,00,bf,00,00,00,87,00,00,00,f6,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,02,00,00,35,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,63,03,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,a0,87,a7,05

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\8]
"Source"="http://stlouis.cardinals.mlb.com/images/players/action/ph_405395.jpg"
"SubscribedURL"="http://stlouis.cardinals.mlb.com/images/players/action/ph_405395.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,61,02,00,00,b3,01,00,00,bf,00,00,00,87,00,00,00,f8,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,00,03,00,00,35,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,9d,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,40,68,23,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\9]
"Source"="http://florida.marlins.mlb.com/images/players/action/ph_334393.jpg"
"SubscribedURL"="http://florida.marlins.mlb.com/images/players/action/ph_334393.jpg"
"FriendlyName"=""
"Flags"=dword:00000001
"Position"=hex:2c,00,00,00,89,02,00,00,d4,01,00,00,bf,00,00,00,87,00,00,00,fa,\
03,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ee,02,00,00,47,00,00,00,bf,00,00,00,87,00,\
00,00,01,00,00,40
"RestoredStateInfo"=hex:dc,ff,6e,08,09,48,e9,77,88,32,e8,77,ff,ff,ff,ff,de,60,\
e7,77,18,d7,e7,04

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5BACC17E-BDF7-405B-BC68-ECB506395118}"="NSIS Media Extension"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Alexis^Start Menu^Programs^Startup^MyWebSearch Email Plugin.lnk]
"path"="C:\\Documents and Settings\\Alexis\\Start Menu\\Programs\\Startup\\MyWebSearch Email Plugin.lnk"
"backup"="C:\\WINDOWS\\pss\\MyWebSearch Email Plugin.lnkStartup"
"location"="Startup"
"command"="C:\\Program Files\\MyWebSearch\\bar\\1.bin\\MWSOEMON.EXE "
"item"="MyWebSearch Email Plugin"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Adobe\\ACROBA~2.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Forget Me Not.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Forget Me Not.lnk"
"backup"="C:\\WINDOWS\\pss\\Forget Me Not.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BRODER~1\\AGCREA~1\\AGRemind.exe "
"item"="Forget Me Not"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Google Updater.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Google Updater.lnk"
"backup"="C:\\WINDOWS\\pss\\Google Updater.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\Google\\GOOGLE~2\\11489~1.276\\GOOGLE~1.EXE -systray -startup"
"item"="Google Updater"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="aim"
"hkey"="HKCU"
"command"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_Program Files_WordPerfe3a]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CorUpd"
"hkey"="HKCU"
"command"="C:\\Program Files\\WordPerfect Office 11\\Programs\\CorUpd.exe /Watch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C:_PROGRA~1_WORDPE~1_Progr28]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CorUpd"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\WORDPE~1\\Programs\\CorUpd.exe /Watch"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="daemon"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DesktopWeather"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\The Weather Channel FW\\Desktop Weather\\DesktopWeather.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPClientMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GPClientMonitor"
"hkey"="HKLM"
"command"="C:\\Program Files\\GalleryPlayer\\Player\\GPClientMonitor.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GPDownloadManager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GPDownloadManager"
"hkey"="HKLM"
"command"="C:\\Program Files\\GalleryPlayer\\Player\\GPDownloadManager.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrivacyScanner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pscan"
"hkey"="HKCU"
"command"="C:\\Program Files\\Privacy Champion\\pscan.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealPlayer]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realplay"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Real\\RealPlayer\\realplay.exe\" /RunUPGToolCommandReBoot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ypager"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableRegistryTools REG_DWORD 0 (0x0)
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\ (HOME-Matt).job

Completion time: Fri 08/11/2006 21:34:36.89
ComboFix ver 06.07.15/30 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-08-11.211509.txt
 
Hi
What version of SpyBot is it you have?
Do you have any p2p programs, mIRC, and is Microsoft Office installed?
Have there been any problems with it?
How many drives does this PC have and is it networked?
GEDZAC labs
http://www.sophos.com/security/analyses/w32cazdegb.html
Open a command prompt (Start, Run, type cmd, press Enter) and type (include the quotes):
sc delete ".NET Connection Service"
press enter, type in
sc delete "GEDZAC LABS"
press enter, type in
sc delete "ICS"
press enter, type in
sc delete "WinToolsSvc"

press enter, type exit and press enter to exit the command prompt


Start HijackThis and place a check next to these items if there:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cehwlom.exe
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {15BF9F3F-2FDC-2551-868C-204043E1FC97} - (no file)
O2 - BHO: (no name) - {2592AF36-029E-1361-ABB8-636D76D9D1AE} - (no file)
O2 - BHO: (no name) - {268B99C9-6C33-23CF-5743-0C9B392FDDF4} - (no file)
O2 - BHO: (no name) - {29401FB2-7814-4074-9F48-BB20680D1861} - (no file)
O2 - BHO: (no name) - {39D5337C-C739-0DEA-8056-175508AE2812} - (no file)
O2 - BHO: (no name) - {3B8E302D-C261-59B7-D154-175508A02E49} - (no file)
O2 - BHO: (no name) - {4541A1B2-BBC4-4ED0-9269-46D9CADE209F} - (no file)
O2 - BHO: (no name) - {4DE1205B-3CF0-4A15-353F-2011F6A2C0D4} - (no file)
O2 - BHO: (no name) - {85745D40-B1F6-EE72-FE2D-BFC9DBC86F99} - (no file)
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O2 - BHO: (no name) - {9E992732-295F-4987-8BE3-16FAC1639198} - (no file)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\Safety Bar.dll
O4 - HKLM\..\Run: [73305db.exe] C:\WINDOWS\system32\73305db.exe
O4 - HKCU\..\Run: [73305db.exe] C:\Documents and Settings\Matt\Local Settings\Application Data\73305db.exe
O4 - Startup: PowerReg Scheduler.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - http://ax.web-nexus.net/download/ax/228/installer.exe
O16 - DPF: {64696FB5-BA15-4920-B789-F35D3FC0A36A} - http://www.icannnews.com/app/ST/ax.ocx
O16 - DPF: {74CD40EA-EF77-4BAD-808A-B5982DA73F20} - http://yax-download.yazzle.net/Yazzl...cab?refid=1123
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
O20 - Winlogon Notify: cbxyxwx - cbxyxwx.dll (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g7167656.dll (file missing)
O20 - Winlogon Notify: clbcatex - C:\WINDOWS\system32\clbcatix.dll (file missing)
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O20 - Winlogon Notify: vtsqr - C:\WINDOWS\system32\vtsqr.dll (file missing)
O20 - Winlogon Notify: winjyg32 - winjyg32.dll (file missing)
====================================
Hit "Fix checked" and close HijackThis.
Launch Notepad (not wordpad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
;
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
;
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a successful message delete fixme.reg.

Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Follow the instructions here, including the logs mentioned at the bottom
http://forums.spybot.info/showthread.php?t=4015
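
An added example (not part of the original posts and not HijackThis's own code): a small Python triage of HijackThis lines like those listed in the post above, flagging traits visible in this log: a UserInit value with an extra program appended, entries whose file is missing, an O16 download served from a bare IP address, and a file name that is a letter-swap of a Windows system binary. The sample lines are copied from that list; the function names, flag labels and the look-alike heuristic are this example's own assumptions.

```python
import ipaddress
import ntpath
import re
from urllib.parse import urlsplit

# Sample lines copied from the HijackThis items listed in the post above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
F3 - REG:win.ini: load=C:\WINDOWS\system32\scvhost.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,cehwlom.exe
O2 - BHO: (no name) - {15BF9F3F-2FDC-2551-868C-204043E1FC97} - (no file)
O2 - BHO: Vdrw Class - {8711CF54-E9C5-4DB4-9B9F-7D67393CC771} - C:\WINDOWS\system32\vf1v62x.dll
O4 - HKLM\..\Run: [73305db.exe] C:\WINDOWS\system32\73305db.exe
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\system32\clbcatix.dll (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: {97B79133-88F0-45F0-8D57-0F2EF27D9C66} - http://85.255.114.166/1/rdgUS2404.exe
O20 - Winlogon Notify: awvvt - C:\WINDOWS\system32\awvvt.dll (file missing)
"""

# What each HijackThis section code covers (only the codes used above).
SECTIONS = {
    "R0": "IE start/search page", "F2": "ini-mapped autostart (registry)",
    "F3": "ini-mapped autostart (registry)", "O2": "Browser Helper Object",
    "O3": "IE toolbar", "O4": "Run key / Startup folder",
    "O9": "IE extra button / Tools item", "O15": "Trusted Zone site",
    "O16": "ActiveX download (DPF)", "O20": "Winlogon Notify / AppInit",
}

# Names used by the look-alike heuristic (assumption: extend as needed).
KNOWN_SYSTEM_NAMES = {"svchost.exe", "userinit.exe", "explorer.exe",
                      "winlogon.exe", "lsass.exe", "services.exe"}

LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
FILE_RE = re.compile(r"[A-Za-z0-9_.-]+\.(?:exe|dll)\b", re.I)


def flags_for(section, text):
    """Return the list of triage flags for one HijackThis entry."""
    flags = []
    # HijackThis marks registry entries that point at a file that is gone.
    if text.rstrip().endswith(("(file missing)", "(no file)")):
        flags.append("missing_file")
    # The stock XP value is "C:\WINDOWS\system32\userinit.exe," and nothing else.
    if section == "F2":
        m = re.search(r"UserInit=(.*)$", text, re.I)
        if m:
            progs = [p.strip() for p in m.group(1).split(",") if p.strip()]
            if any(ntpath.basename(p).lower() != "userinit.exe" for p in progs):
                flags.append("userinit_extra")
    # ActiveX installers fetched from an IP literal instead of a host name.
    if section == "O16":
        m = re.search(r"https?://\S+", text)
        host = urlsplit(m.group(0)).hostname if m else None
        if host:
            try:
                ipaddress.ip_address(host)
                flags.append("download_from_ip")
            except ValueError:
                pass
    # Same letters as a system binary but a different name (scvhost vs svchost).
    names = {n.lower() for n in FILE_RE.findall(text)}
    if any(n not in KNOWN_SYSTEM_NAMES
           and any(sorted(n) == sorted(k) for k in KNOWN_SYSTEM_NAMES)
           for n in names):
        flags.append("lookalike_name")
    return flags


def triage(log_text):
    """Parse HijackThis lines and attach the section meaning and flags."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, blanks, process list, etc.
        section, text = m.groups()
        entries.append({"section": section,
                        "area": SECTIONS.get(section, "unknown"),
                        "text": text,
                        "flags": flags_for(section, text)})
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f'{e["section"]:<4}{e["area"]:<34}{",".join(e["flags"]) or "-"}')
```

An entry with no flags is not thereby clean; the flags only sort the list for a human reviewer.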
 
Thanks for helping. To answer your questions:

SpyBot 1.4
No P2P or Microsoft Office to my knowledge.
Not networked and I have 3.

-Local Disk (C:)
-DVD Drive (D:)
-CD-RW Drive (E:)
***-DVD Drive (F:)-I just noticed this today when I opened 'My Computer'. If I click eject nothing happens where if I click eject on D: the DVD drive opens.

I could not delete ICS but I did everything else according to your steps.
 
SmitFraudFix v2.81

Scan done at 9:08:45.35, Sat 08/12/2006
Run from C:\Documents and Settings\Matt\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\drsmartload?.exe Deleted
C:\MTE3NDI6ODoxNg.exe Deleted
C:\uniq Deleted
C:\winstall.exe Deleted
C:\WINDOWS\drsmartload2.dat Deleted
C:\WINDOWS\keyboard1.dat Deleted
C:\WINDOWS\newname.dat Deleted
C:\WINDOWS\teller2.chk Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\WINDOWS\system32\components\flx??.dll Deleted
C:\Documents and Settings\Matt\Application Data\Install.dat Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"



»»»»»»»»»»»»»»»»»»»»»»»» End
 
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:22:38 AM 8/12/2006

+ Scan result:



HKU\.DEFAULT\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-18\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\VoiceIP -> Adware.BetterInternet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RelevantKnowledge -> Adware.BroadCastPC : Cleaned with backup (quarantined).
C:\WINDOWS\U3RlcGhlbiBKLiBUb3dsZXI\__delete_on_reboot__a_s_a_p_p_s_r_v_._d_l_l_ -> Adware.CommAd : Cleaned with backup (quarantined).
C:\WINDOWS\U3RlcGhlbiBKLiBUb3dsZXI\__delete_on_reboot__c_o_m_m_a_n_d_._e_x_e_ -> Adware.CommAd : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Adware.Delfin : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{052b12f7-86fa-4921-8482-26c42316b522} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Safety Bar -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E422F49-1566-40D3-B43D-077EF739AC32} -> Adware.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{873EB32D-AE1A-4183-89BD-45A77F761BE4} -> Adware.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Policies\Avenue Media -> Adware.InternetOptimizer : Cleaned with backup (quarantined).
C:\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__c_j_y_p_t_3_2_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__e_l_t_m_g_r_._d_l_l_ -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cssetacl.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\d8j0li1m18.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\kydhe220.dll -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\warebundlenewer.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
[696] C:\WINDOWS\system32\wzpsrcwp.dll -> Adware.Look2Me : Error during cleaning.
[844] C:\WINDOWS\system32\wzpsrcwp.dll -> Adware.Look2Me : Error during cleaning.
HKLM\SOFTWARE\MaxSpeed -> Adware.Maxspeed : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.BHObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cvn0.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cymmh.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\WINDOWS\system32ghynf.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt\Desktop\hijackthis\backups\backup-20060812-083906-147.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32XTXPf[ttToZ -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__n_9_n_y_b_._e_x_e_ -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__z_q_s_k_w_._e_x_e_ -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vf1v62x.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\vp1i4.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\xeymi.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\y3aqsoepa.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32y3aqs[ttToZ -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\WINDOWS\system32y3aqsoepa.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
C:\Downloads\RollerCoasterTycoon2-dm[1].exe -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SplWbr.dll -> Adware.VirtualBouncer : Cleaned with backup (quarantined).
C:\WINDOWS\prelimhanse.exe -> Adware.WebHancer : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Adware.WebSearch : Cleaned with backup (quarantined).
C:\drsmartload45a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload46a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload849a8b9abc.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__d_m_o_n_w_v_._d_l_l_ -> Downloader.Agent.agw : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__w_0_0_5_c_e_1_5_._d_l_l_ -> Downloader.Agent.ahv : Cleaned with backup (quarantined).
C:\fym9bvo.exe -> Downloader.Agent.ala : Cleaned with backup (quarantined).
C:\uchcsi.exe -> Downloader.Agent.aqx : Cleaned with backup (quarantined).
C:\WINDOWS\nem220.dll -> Downloader.Dyfuca : Cleaned with backup (quarantined).
C:\WINDOWS\pf79.exe -> Downloader.Dyfuca.ei : Cleaned with backup (quarantined).
C:\Documents and Settings\Guest\Local Settings\Application Data\73305db.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Jane\Local Settings\Application Data\73305db.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt\Local Settings\Application Data\73305db.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\WINDOWS\system32\73305db.exe -> Downloader.Obfuscated.n : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__b_a_j_p_b_j_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__h_h_j_p_r_r_x_._d_l_l_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__q_j_a_t_b_._e_x_e_ -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\gwxsm.dat -> Downloader.Qoologic.bj : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__w_0_0_5_b_7_d_e_._d_l_l_ -> Downloader.Small : Cleaned with backup (quarantined).
C:\WINDOWS\uespr.dll -> Downloader.Small.ajc : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNgnew.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Program Files\Online Services\horedota.dll -> Downloader.Small.ctp : Cleaned with backup (quarantined).
C:\__delete_on_reboot__a_c_3___0_0_0_3_._e_x_e_ -> Downloader.Small.cyh : Cleaned with backup (quarantined).
C:\stub_113_4_0_4_0newer.exe -> Downloader.TSUpdate.o : Cleaned with backup (quarantined).
C:\WINDOWS\offun.exe -> Downloader.VB.nw : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__w_i_n_3_2_0_9_2_5_-_1_2_6_3_5_2_1_8_._e_x_e_ -> Downloader.VB.tw : Cleaned with backup (quarantined).
C:\visfx500new.exe -> Dropper.Agent.aie : Cleaned with backup (quarantined).
C:\numbsoftnew.exe -> Dropper.Agent.hl : Cleaned with backup (quarantined).
C:\WINDOWS\system32\in10b6s.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4DFC1D8-2D2E-4962-B0D0-389FBA0F76B5} -> Hijacker.Generic : Cleaned with backup (quarantined).
C:\Documents and Settings\Matt\Desktop\TagASaurus.exe -> Hijacker.Small : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__v_1_2_0_1_._e_x_e_ -> Hijacker.Small : Cleaned with backup (quarantined).
C:\Program Files\html1.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\Program Files\html2.htm -> Hijacker.Small.jf : Cleaned with backup (quarantined).
C:\WINDOWS\osflqvjA.exe -> Hijacker.VB.ij : Cleaned with backup (quarantined).
C:\dfndrff_9.exe -> Hijacker.VB.or : Cleaned with backup (quarantined).
C:\__delete_on_reboot__a_b_e_b_._e_x_e_ -> Not-A-Virus.Hoax.Win32.Renos.bw : Ignored.
C:\Program Files\Network Monitor\__delete_on_reboot__n_e_t_m_o_n_._e_x_e_ -> Not-A-Virus.Monitor.Win32.NetMon.a : Ignored.
C:\Documents and Settings\Jane\Cookies\jane@ads.180solutions[1].txt -> TrackingCookie.180solutions : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@config.180solutions[1].txt -> TrackingCookie.180solutions : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Guest\Cookies\guest@msnportal.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@buildabear.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@cybersoftwaresolutions.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@heavycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jane\Cookies\jane@partygaming.122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E14DCE67-8FB7-4721-8149-179BAA4D792C} -> Trojan.Ciadoor.m : Cleaned with backup (quarantined).
HKU\S-1-5-21-842925246-261903793-839522115-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E13DDE1-E013-47EC-9C4C-27C2F78BDD26} -> Trojan.Conhook.c : Cleaned with backup (quarantined).
C:\Documents and Settings\Jane\Local Settings\Temporary Internet Files\Content.IE5\0R3V2W9X\srvlhj[1].exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\Documents and Settings\Jane\Local Settings\Temporary Internet Files\Content.IE5\8XY90DS7\srvbkv[1].exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cool.exe -> Trojan.Dialer.qs : Cleaned with backup (quarantined).
C:\WINDOWS\unwn.exe -> Trojan.Qoologic : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{B4B02FDF-095A-1033-0721-030718030001}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined).
C:\WINDOWS\__delete_on_reboot__S_Y_S_C_0_0_._e_x_e_ -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup (quarantined).


::Report end
 
Logfile of HijackThis v1.99.1
Scan saved at 1:14:37 PM, on 8/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\system32\bajpbj.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\qjatb.exe
C:\WINDOWS\system32\qjatb.exe
C:\WINDOWS\system32\qjatb.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\BCMSMMSG.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\kybrdff_9.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\wshtcpip.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\clbcatq.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Matt\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.238.43.125:8100
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjatb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,cehwlom.exe
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Optimum Online Toolbar - {720B3C59-7EDE-44d1-AD9C-71106A7550AF} - C:\Program Files\OptimumOnline\insptbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Optimum Online] C:\Program Files\Optimum Online\Netsurf.exe -tray
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1124339193\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
O4 - HKLM\..\Run: [aqnhbh] C:\WINDOWS\system32\bajpbj.exe reg_run
O4 - HKLM\..\Run: [isvea6c6] RUNDLL32.EXE w005b7de.dll,n 002ea6c400000003005b7de
O4 - HKLM\..\Run: [w005ce15.dll] RUNDLL32.EXE w005ce15.dll,I2 002ea6c40005ce15
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [wshtcpip] C:\WINDOWS\system32\wshtcpip.exe
O4 - HKCU\..\Run: [clbcatq] C:\WINDOWS\system32\clbcatq.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [wnuic] C:\WINDOWS\system32\bajpbj.exe reg_run
O4 - Global Startup: shuqh.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Optimum Online Cursor Search - C:\Documents and Settings\All Users\Application Data\Infospace\OptimumOnline\contextsearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {BA685A19-A28D-4241-B68A-FDE428C7B44E} - http://activex.microsoft.com/objects/ocget.dll
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O16 - DPF: {C4AE95E6-4EE4-6B4F-A12B-EAAA3858187F} (MNPerformer Class) - http://art.towerrecords.com/performer/PerformerSetup.cab
O16 - DPF: {DAEB8818-608B-40D2-8AD6-193753623CEB} - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://www.popcap.com/games/popcaploader_v6.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\dx16gt.dLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: msrd2x32.exe - Unknown owner - C:\WINDOWS\system32\msrd2x32.exe (file missing)
O23 - Service: msvideo.exe - Unknown owner - C:\WINDOWS\system32\msvideo.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
 
Launch Notepad (not WordPad), and copy and paste the contents of the code box below into a new text file.
Save it as file name: "fixme.reg" (not including the quotes). Save as file type: All files (*.*) and save it on your Desktop.
Code:
REGEDIT4
;
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{259BA022-2005-45E9-A965-10EDB9C00605}"=-
Now double-click on the fixme.reg file you saved and click on the Yes button when it asks if you would like to merge the information. Once you get a success message, delete fixme.reg.


Open a command prompt (Start, Run, type cmd, press Enter) and type
sc delete "msvideo.exe"
press Enter, then type
sc delete "msrd2x32.exe"
press Enter, then type exit and press Enter to close the command prompt.

Start HijackThis and place a check next to these items if they are there.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
O4 - HKLM\..\Run: [aqnhbh] C:\WINDOWS\system32\bajpbj.exe reg_run
O4 - HKLM\..\Run: [isvea6c6] RUNDLL32.EXE w005b7de.dll,n 002ea6c400000003005b7de
O4 - HKLM\..\Run: [w005ce15.dll] RUNDLL32.EXE w005ce15.dll,I2 002ea6c40005ce15
O4 - HKCU\..\Run: [wshtcpip] C:\WINDOWS\system32\wshtcpip.exe
O4 - HKCU\..\Run: [clbcatq] C:\WINDOWS\system32\clbcatq.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [wnuic] C:\WINDOWS\system32\bajpbj.exe reg_run
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run ComboFix again and post its log.

Download and run Stinger
http://vil.nai.com/vil/stinger/
1: Download v2.6.0 [1,144,839 bytes] (4/5/2006)
Post its log too.
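
The checklist in the post above singles out a handful of HijackThis entry types (F2 logon hooks, O4 Run values, O23 services, the R1 proxy setting). The sketch below is an added example, not part of the thread or of HijackThis itself, that parses those entry types and flags the patterns visible in this log for an analyst to review. The sample lines are copied from the log above; the function names and the assumed stock values (Shell=Explorer.exe, Userinit under C:\WINDOWS\system32) are this example's own assumptions.

```python
import re

# Lines copied from the HijackThis log posted in this thread (8/12/2006 scan).
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 24.238.43.125:8100
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\system32\qjatb.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\SYSTEM32\Userinit.exe,cehwlom.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [isvea6c6] RUNDLL32.EXE w005b7de.dll,n 002ea6c400000003005b7de
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: msrd2x32.exe - Unknown owner - C:\WINDOWS\system32\msrd2x32.exe (file missing)
O23 - Service: msvideo.exe - Unknown owner - C:\WINDOWS\system32\msvideo.exe
"""

# "<section code> - <rest of entry>", e.g. "F2 - REG:system.ini: Shell=..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# Assumed stock values for the system root shown in this log (C:\WINDOWS).
EXPECTED_F2 = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}


def check_r(body):
    """R0/R1: flag a per-user proxy setting, which reroutes browser traffic."""
    m = re.search(r"Internet Settings,ProxyServer = (\S+)", body)
    return f"IE proxy set to {m.group(1)}" if m else None


def check_f2(body):
    """F2: anything listed besides the stock Shell/UserInit program runs at logon."""
    m = re.match(r"REG:system\.ini: (Shell|UserInit)=(.*)$", body, re.I)
    if not m:
        return None
    key = m.group(1).lower()
    parts = [p.strip().strip('"') for p in m.group(2).split(",") if p.strip()]
    extras = [p for p in parts if p.lower() not in EXPECTED_F2[key]]
    return f"{m.group(1)} also launches: {', '.join(extras)}" if extras else None


def check_o4(body):
    """O4: flag Run values where rundll32 is handed a DLL name with no path."""
    m = re.match(r"HK(?:LM|CU)\\\.\.\\Run: \[([^\]]*)\] (.+)$", body)
    if not m:
        return None
    name, cmd = m.groups()
    rd = re.match(r"rundll32(?:\.exe)?\s+([^,\s]+)", cmd.strip('"'), re.I)
    if rd and "\\" not in rd.group(1):
        return f"Run value [{name}] loads {rd.group(1)} via rundll32 with no path"
    return None


def check_o23(body):
    """O23: flag services for which HijackThis reports 'Unknown owner'."""
    m = re.match(r"Service: (.+?) - (.+?) - (.+)$", body)
    if not m or m.group(2) != "Unknown owner":
        return None
    missing = m.group(3).endswith("(file missing)")
    state = "binary missing" if missing else "binary present"
    return f"service {m.group(1)} has no owner reported ({state})"


CHECKS = {"R0": check_r, "R1": check_r, "F2": check_f2,
          "O4": check_o4, "O23": check_o23}


def triage(log_text):
    """Return (section code, note) pairs for entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        check = CHECKS.get(m.group("code"))
        note = check(m.group("body")) if check else None
        if note:
            findings.append((m.group("code"), note))
    return findings


if __name__ == "__main__":
    for code, note in triage(SAMPLE_LOG):
        print(f"{code:>3}  {note}")
```

The notes are review hints only: an entry that passes these checks can still be malicious (the randomly named executables in the O4 list, for instance, need a human or a reputation lookup), and a flagged one can be legitimate.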
 
Start Time= Sun 08/13/2006 7:36:36.06
Running from: C:\Documents and Settings\Matt\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{FAFFAC32-2B65-4F18-87A5-4237ACD3952F}]
@=""

[HKEY_CLASSES_ROOT\clsid\{FAFFAC32-2B65-4F18-87A5-4237ACD3952F}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{FAFFAC32-2B65-4F18-87A5-4237ACD3952F}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{FAFFAC32-2B65-4F18-87A5-4237ACD3952F}\InprocServer32]
@="C:\\WINDOWS\\system32\\VLAR2232.DLL"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
 
FILES REMOVED:

C:\WINDOWS\SYSTEM32\dx16gt.dLL
C:\WINDOWS\SYSTEM32\h40qled51h0.dll
C:\WINDOWS\SYSTEM32\irp8l57u1.dll
C:\WINDOWS\SYSTEM32\jtl6073se.dll
C:\WINDOWS\SYSTEM32\mirecr40.dll
C:\WINDOWS\SYSTEM32\n06qlaj51do.dll
C:\WINDOWS\SYSTEM32\p84u0ih9e84.dll
C:\WINDOWS\SYSTEM32\VLAR2232.DLL
C:\WINDOWS\SYSTEM32\wzpsrcwp.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

7:50:05.78

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\WINDOWS\system32\bajpbj.exe
C:\WINDOWS\system32\qjatb.exe
C:\WINDOWS\system32\cehwlom.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-12 12:49:26 127,488 "C:\WINDOWS\system32\bajpbj.exe"
2006-08-12 17:17:18 28,672 "C:\WINDOWS\system32\qjatb.exe"
2006-08-12 08:47:56 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-06-26 13:37:10 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-08-12 08:48:20 234,272 "C:\WINDOWS\system32\dx16gt.dLL"
2006-06-23 07:25:30 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-06-23 07:25:30 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-07-28 07:30:52 3,058,176 "C:\WINDOWS\system32\mshtml.dll"
2006-06-23 07:25:30 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-07-28 10:47:30 176,128 "C:\WINDOWS\system32\pgqbwa.dll"
2006-05-24 18:48:04 339,968 "C:\WINDOWS\system32\pxwave.dll"
2006-07-25 16:42:24 615,424 "C:\WINDOWS\system32\urlmon.dll"
2006-07-27 10:49:30 20,992 "C:\WINDOWS\system32\73305db.exe"
2006-08-12 08:47:50 23,552 "C:\WINDOWS\system32\cehwlom.exe"
2006-08-11 23:46:42 138,808 "C:\WINDOWS\system32\clbcatq.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-06-23 07:25:30 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-06-23 07:25:30 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-06-23 07:25:30 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-08-12 17:17:18 51,712 "C:\WINDOWS\system32\hhjprrx.dll"
2006-06-23 07:25:30 251,904 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-06-23 07:25:30 15,872 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-24 18:43:44 1,044,480 "C:\WINDOWS\system32\libdivx.dll"
2006-06-23 07:25:30 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-06-23 07:25:30 1,497,088 "C:\WINDOWS\system32\shdocvw.dll"
2006-07-13 09:33:28 8,453,632 "C:\WINDOWS\system32\shell32.dll"
2006-06-23 07:25:30 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-24 18:43:44 200,704 "C:\WINDOWS\system32\ssldivx.dll"
2006-06-23 07:25:32 664,576 "C:\WINDOWS\system32\wininet.dll"
2006-06-23 07:25:30 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-21 04:24:44 72,704 "C:\WINDOWS\system32\hlink.dll"
2006-05-24 18:48:04 421,888 "C:\WINDOWS\system32\pxdrv.dll"
2006-05-24 18:48:04 172,032 "C:\WINDOWS\system32\pxmas.dll"
2006-08-12 12:49:26 127,488 "C:\WINDOWS\system32\gwxsm.dat"
2006-08-12 18:16:10 433 "C:\WINDOWS\yupvr.dll"
2006-07-19 23:16:48 2,818 "C:\WINDOWS\mozver.dat"
2006-08-12 08:47:46 53 "C:\WINDOWS\ncnvpp.dat"
2006-08-12 08:47:50 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\shuqh.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


08/12/2006 12:49 PM 127,488 gwxsm.dat.vir
08/12/2006 08:47 AM 127,488 shuqh.exe.vir
08/12/2006 12:49 PM 127,488 bajpbj.exe.vir
08/12/2006 05:17 PM 51,712 hhjprrx.dll.vir
08/12/2006 05:17 PM 28,672 qjatb.exe.vir
08/12/2006 08:47 AM 23,552 cehwlom.exe.vir
08/12/2006 08:47 AM 53 ncnvpp.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-27 10:49:30 20,992 "C:\WINDOWS\system32\73305db.exe"
2006-08-11 23:46:42 138,808 "C:\WINDOWS\system32\clbcatq.exe"
2006-06-19 16:19:26 304,944 "C:\WINDOWS\system32\WgaTray.exe"
2006-08-12 08:47:56 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-06-23 07:25:30 151,040 "C:\WINDOWS\system32\cdfview.dll"
2006-06-23 07:25:30 357,888 "C:\WINDOWS\system32\dxtmsft.dll"
2006-06-23 07:25:30 205,312 "C:\WINDOWS\system32\dxtrans.dll"
2006-06-23 07:25:30 251,904 "C:\WINDOWS\system32\iepeers.dll"
2006-06-01 14:47:08 163,840 "C:\WINDOWS\system32\jgdw400.dll"
2006-06-01 14:47:08 27,648 "C:\WINDOWS\system32\jgpl400.dll"
2006-05-18 01:24:26 450,560 "C:\WINDOWS\system32\jscript.dll"
2006-06-23 07:25:30 15,872 "C:\WINDOWS\system32\jsproxy.dll"
2006-05-24 18:43:44 1,044,480 "C:\WINDOWS\system32\libdivx.dll"
2006-06-23 07:25:30 39,424 "C:\WINDOWS\system32\pngfilt.dll"
2006-05-14 04:44:08 181,248 "C:\WINDOWS\system32\rasmans.dll"
2006-06-23 07:25:30 1,497,088 "C:\WINDOWS\system32\shdocvw.dll"
2006-07-13 09:33:28 8,453,632 "C:\WINDOWS\system32\shell32.dll"
2006-06-23 07:25:30 474,112 "C:\WINDOWS\system32\shlwapi.dll"
2006-05-24 18:43:44 200,704 "C:\WINDOWS\system32\ssldivx.dll"
2006-06-23 07:25:32 664,576 "C:\WINDOWS\system32\wininet.dll"
2006-06-26 13:37:10 148,480 "C:\WINDOWS\system32\dnsapi.dll"
2006-06-23 07:25:30 55,808 "C:\WINDOWS\system32\extmgr.dll"
2006-06-23 07:25:30 96,256 "C:\WINDOWS\system32\inseng.dll"
2006-07-28 07:30:52 3,058,176 "C:\WINDOWS\system32\mshtml.dll"
2006-06-23 07:25:30 532,480 "C:\WINDOWS\system32\mstime.dll"
2006-07-28 10:47:30 176,128 "C:\WINDOWS\system32\pgqbwa.dll"
2006-05-24 18:48:04 339,968 "C:\WINDOWS\system32\pxwave.dll"
2006-07-25 16:42:24 615,424 "C:\WINDOWS\system32\urlmon.dll"
2006-06-23 07:25:30 1,054,208 "C:\WINDOWS\system32\danim.dll"
2006-07-21 04:24:44 72,704 "C:\WINDOWS\system32\hlink.dll"
2006-05-24 18:48:04 421,888 "C:\WINDOWS\system32\pxdrv.dll"
2006-05-24 18:48:04 172,032 "C:\WINDOWS\system32\pxmas.dll"
2006-08-12 18:16:10 433 "C:\WINDOWS\yupvr.dll"
2006-07-19 23:16:48 2,818 "C:\WINDOWS\mozver.dat"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\drsmartload1.exe
C:\dfndrff_9.exe
C:\kybrdff_9.exe
C:\WINDOWS\system32\drsmartload815a.exe
C:\WINDOWS\keyboard1.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-13 07:31:58 1427955 ( A.... ) "C:\Documents and Settings\Matt\Application Data\Install.dat"
2006-08-13 07:31:58 ( .D... ) "C:\Program Files\SpySheriff"
2006-08-13 07:08:50 32768 ( A.... ) "C:\winstall.exe"
2006-08-13 07:08:50 32768 ( A.... ) "C:\abeb.exe"
2006-08-13 07:08:44 75776 ( A.... ) "C:\uoytnq.exe"
2006-08-13 07:08:18 16384 ( A.... ) "C:\WINDOWS\system32\loadadv559.exe"
2006-08-13 07:07:54 14336 ( A.... ) "C:\WINDOWS\system32\test.exe"
2006-08-12 18:16:10 433 ( A.... ) "C:\WINDOWS\yupvr.dll"
2006-08-12 08:54:54 ( .D... ) "C:\Program Files\ewido anti-spyware 4.0"
2006-08-12 08:48:18 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-08-12 08:47:56 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-08-12 08:47:54 61952 ( A.... ) "C:\WINDOWS\system32\isvea6c6.dll"
2006-08-12 08:47:54 1167 ( A.... ) "C:\WINDOWS\system32\isvea6c6.sys"
2006-08-12 08:47:54 1167 ( A.... ) "C:\WINDOWS\system32\isvea6c6.sys"
2006-08-12 08:47:54 1167 ( A.... ) "C:\WINDOWS\system32\isvea6c6.sys"
2006-08-12 08:46:54 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-08-12 08:46:32 48190 ( A.... ) "C:\RDFX4.exe"
2006-08-11 23:46:42 138808 ( A.... ) "C:\WINDOWS\system32\clbcatq.exe"
2006-08-11 23:46:40 160800 ( A.... ) "C:\WINDOWS\system32Fastmp3_Setup1.exe"
2006-08-11 11:57:20 ( .D... ) "C:\Program Files\Common Files\Java"
2006-08-09 14:24:28 ( .D... ) "C:\Program Files\RegScrubXP"
2006-08-09 13:24:24 ( .D... ) "C:\Program Files\Common Files\aolshare"
2006-08-09 09:30:16 ( .D... ) "C:\Program Files\Common Files\kqmw"
2006-08-08 18:10:20 0 ( A.... ) "C:\loaded.exe"
2006-08-04 15:01:44 ( .D... ) "C:\Program Files\Lavasoft"
2006-07-29 15:37:54 70656 ( A.... ) "C:\WINDOWS\system32\btpanuib.dll"
2006-07-29 15:37:52 69632 ( A.... ) "C:\WINDOWS\system32\compstuid.dll"
2006-07-29 10:02:46 32208 ( ..SH. ) "C:\Program Files\Common Files\Y1304OU.exe"
2006-07-29 10:01:20 0 ( A.... ) "C:\WINDOWS\system32cymmh.exe"
2006-07-28 10:47:30 176128 ( A.... ) "C:\WINDOWS\system32\pgqbwa.dll"
2006-07-27 10:49:30 20992 ( A.... ) "C:\WINDOWS\system32\73305db.exe"
2006-07-27 10:46:26 ( .D... ) "C:\Documents and Settings\Matt\Application Data\S?mantec"
2006-07-27 10:45:56 ( .D... ) "C:\Program Files\Common Files\{B4B02FDF-095A-1033-0721-030718030001}"
2006-07-27 09:24:46 679424 ( A.... ) "C:\WINDOWS\system32\inetcomm.dll"
2006-07-26 22:52:22 1024 ( A.... ) "C:\Documents and Settings\Matt\Application Data\WavCodec.wff"
2006-07-24 12:06:30 178 ( A.... ) "C:\WINDOWS\system32\del32.bat"
2006-07-24 08:58:08 ( .D... ) "C:\Program Files\Steinberg"
2006-07-24 08:57:16 ( .D... ) "C:\Program Files\FLStudio4"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-21 04:24:44 72704 ( A.... ) "C:\WINDOWS\system32\hlink.dll"
2006-07-19 23:17:12 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Talkback"
2006-07-19 23:15:52 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Mozilla"
2006-07-16 11:53:04 ( .D... ) "C:\Program Files\D-Tools"
2006-07-14 11:31:40 332288 ( A.... ) "C:\WINDOWS\system32\netapi32.dll"
2006-07-13 09:33:28 8453632 ( A.... ) "C:\WINDOWS\system32\shell32.dll"
2006-07-12 10:19:30 ( .D... ) "C:\Documents and Settings\Matt\Application Data\Lavasoft"
2006-07-10 19:45:46 ( .D... ) "C:\Program Files\Common Files\NSIS"
2006-07-05 22:00:48 ( .D... ) "C:\Program Files\Arcade!"
2006-07-05 13:52:56 25 ( A.... ) "C:\WINDOWS\SW_Win2000X48.DLL"
2006-07-05 06:55:02 984064 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2006-07-04 13:32:10 ( .D... ) "C:\Program Files\AOL Pictures"
2006-06-28 10:37:20 ( .D... ) "C:\Documents and Settings\Matt\Application Data\uTorrent"
2006-06-27 15:45:06 ( .D... ) "C:\Program Files\Kodak"
2006-06-27 09:17:04 ( .D... ) "C:\Documents and Settings\Matt\Application Data\InterVideo"
2006-06-27 09:11:42 ( .D... ) "C:\Program Files\InterVideo Information Service"
2006-06-27 09:08:00 ( .D... ) "C:\Program Files\Common Files\InterVideo"
2006-06-26 13:37:10 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-06-26 13:37:10 8192 ( A.... ) "C:\WINDOWS\system32\rasadhlp.dll"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-06-16 23:15:18 ( .D... ) "C:\Program Files\DivX"
2006-06-14 13:49:08 118784 ( A.... ) "C:\WINDOWS\system32\DivXCodecUpdateChecker.exe"
2006-06-13 16:32:34 ( .D... ) "C:\Program Files\AviSynth 2.5"
2006-06-13 16:26:12 ( .D... ) "C:\Program Files\Pure Motion"
2006-06-13 16:26:04 ( .D... ) "C:\Program Files\Sonic Foundry"
2006-06-13 16:25:46 ( .D... ) "C:\Program Files\DebugMode"
2006-05-24 18:48:04 109568 ( A.... ) "C:\WINDOWS\system32\pxinsi64.exe"
2006-05-24 18:43:44 1044480 ( A.... ) "C:\WINDOWS\system32\libdivx.dll"
2006-05-24 18:43:44 200704 ( A.... ) "C:\WINDOWS\system32\ssldivx.dll"
2006-05-19 08:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 08:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"
2005-07-18 20:04:14 10822 ( A.... ) "C:\Program Files\Uninst.isu"
2005-07-18 20:03:44 1429 ( A.... ) "C:\Program Files\Uninstall the iDEN WebJAL.lnk"
2004-07-07 08:58:34 11108 ( A.... ) "C:\Program Files\GMV EULA Extended Speech_V1.txt"
2004-05-13 09:47:18 2992 ( A.... ) "C:\Program Files\Readme.txt"
2004-05-13 09:47:08 11 ( A.... ) "C:\Program Files\ver.ini"
2004-04-29 11:30:18 966656 ( A.... ) "C:\Program Files\WebJAL.exe"
2004-04-28 10:03:16 102400 ( A.... ) "C:\Program Files\IUSB.dll"
2004-03-19 15:43:30 1399891 ( A.... ) "C:\Program Files\SilentInstallUSBDrivers.exe"
2003-12-17 14:54:34 103015 ( A.... ) "C:\Program Files\GMV EULA Extended Speech_V1.pdf"
2003-09-11 14:48:40 77824 ( A.... ) "C:\Program Files\iplcomm.dll"
2003-02-19 18:01:26 195160 ( A.... ) "C:\Program Files\White Paper - What's A Personality Worth .pdf"
2003-02-19 18:01:06 93984 ( A.... ) "C:\Program Files\White Paper - Voice Branding for the Enterprise.pdf"
2003-02-12 15:53:58 28672 ( A.... ) "C:\Program Files\iulcomm.dll"
2003-01-29 11:05:18 32768 ( A.... ) "C:\Program Files\HUSBcomm.dll"
2003-01-22 10:12:18 73728 ( A.... ) "C:\Program Files\iDEN_PST.DLL"
2002-12-18 12:56:30 147456 ( A.... ) "C:\Program Files\JALCOMM.dll"
2002-12-09 10:58:22 49152 ( A.... ) "C:\Program Files\iUSBMon.dll"
2002-09-27 13:06:46 94208 ( A.... ) "C:\Program Files\ISL_IFL.dll"
2002-08-16 09:03:54 24576 ( A.... ) "C:\Program Files\USBCheck.dll"
2000-10-16 09:38:00 53248 ( A.... ) "C:\Program Files\mzip.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-13 07:08 32,768 C:\winstall.exe
2006-08-13 07:08 32,768 C:\abeb.exe
2006-08-13 07:07 14,336 C:\WINDOWS\system32\test.exe
2006-08-12 21:15 20,992 C:\WINDOWS\system32\73305db.exe
2006-08-12 09:00 53,248 C:\WINDOWS\system32\Process.exe
2006-08-12 09:00 42,496 C:\WINDOWS\system32\swreg.exe
2006-08-12 09:00 40,960 C:\WINDOWS\system32\swsc.exe
2006-08-12 09:00 288,417 C:\WINDOWS\system32\SrchSTS.exe
2006-08-12 08:48 38,412 C:\WINDOWS\ssqbn.exe
2006-08-12 08:47 61,952 C:\WINDOWS\system32\isvea6c6.dll
2006-08-12 08:47 48,167 C:\WINDOWS\system32\VSL05.exe
2006-08-12 08:47 1,167 C:\WINDOWS\system32\isvea6c6.sys
 