Old 08-19-2005, 12:42 AM   #1 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


HJT - ABI Network

Logfile of HijackThis v1.99.1
Scan saved at 10:52:47 PM, on 8/18/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\WINDOWS\cmekyya.EXE
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\ccyvkyd.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\America Online 8.0\aoltray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Lexmark X125\LEX125SU.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\MightyFax NT\MFNTCTL.EXE
C:\WINDOWS\wziznxp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Steve\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://rd.yahoo.com/customize/ymsgr/...//my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.fantasysportscentral.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Opware12] "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [Mapi Dent] C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
O4 - HKLM\..\Run: [LMPDPSRV] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [blakowlqcapsb] C:\WINDOWS\System32\ktvuog.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [71636599.exe] C:\WINDOWS\System32\71636599.exe
O4 - HKLM\..\Run: [15746706.exe] C:\WINDOWS\System32\15746706.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Forget Me Not.lnk = C:\Program Files\Broderbund\AG CreataCard\AGRemind.exe
O4 - Global Startup: Lexmark X125 Settings Utility.lnk = C:\Program Files\Lexmark X125\LEX125SU.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: MightyFAX Controller.lnk = C:\Program Files\MightyFax NT\MFNTCTL.EXE
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - c:\program files\partypoker\IEExtension.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel(R) NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe
steveb1164 is offline  
Old 08-19-2005, 01:29 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs
 
Join Date: May 2005
Posts: 20,794
OS: XP


Hello and Welcome to TSF!

I just want to warn you up front that you've multiple infections here. So, please be prepared for this to take a couple of rounds. There's a fair bit of work to do & I require your assistance & patience.

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp!.exe - Install.

KillBox v2.0.0.175.zip

Nailfix.exe

Process Explorer

LQFix.zip

I need you to update Ewido again. Please go to this website - http://www.ewido.net/en/download/updates/
Download the full updated database (Approximately 3600 KB) & install it onto your copy of Ewido.

WinPfind.zip

TrackQoo.zip

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING

This webpage would not be available when you're carrying out the fix. Please save the following instructions in Notepad. I have customized my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your question(s) before proceeding with the fixes. There should not be any opened browsers when you are carrying out the procedures below.

IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.
Do not skip any parts of the fix unless it's necessary. It will affect the efficiency of the fix.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run a scan with HijackThis & locate an entry that looks similar to this...

C:\WINDOWS\system32\ccyvkyd.exe r

the filename might be different but you can identify it by the following traits:

* it resides in the system32 folder
* it has the lone alphabet "r" at the end.

take note of the filename & location.

run Process Explorer

from the list of processes, locate the file you've just identified.

right-click the file & select Suspend

leave Process Explorer running with the process suspended


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Copy the filename/s listed below.
Select/Highlight all the filenames & then click on Notepad's Edit menu & select Copy
  • name of the file you've just Suspended
    C:\WINDOWS\Nail.exe
    C:\WINDOWS\system32\exp.exe
    C:\WINDOWS\system32\lplsds.exe
    C:\WINDOWS\cmekyya.EXE
    C:\WINDOWS\System32\syscpy.exe
    C:\WINDOWS\System32\stcloader.exe
    C:\WINDOWS\System32\SahAgent.exe
    C:\WINDOWS\System32\ktvuog.exe
    C:\WINDOWS\Belt.exe
    C:\WINDOWS\mwsvm.exe
    C:\WINDOWS\System32\71636599.exe
    C:\WINDOWS\System32\15746706.exe
    C:\WINDOWS\system32\ccyvkyd.exe
    C:\PROGRA~1\INTERN~2\iw.exe min
    c:\windows\SvcProc.exe
    C:\WINDOWS\wziznxp.exe
Launch KillBox.exe
  1. Go to the File menu, and choose Paste from Clipboard
    Click the dropdown-arrow next to the Full Path of File to Delete field.
    Verify that the filenames you pasted are found in there.
  2. Select/tick the following:
    • Delete on Reboot
    • End Explorer Shell While Killing File
    • Unregister dll Before deleting * if it's not grayed out
  3. Click the RED X button.
  4. Click Yes at the Delete on Reboot prompt.
  5. Click Yes at the 'Pending Operations prompt'.
* If you received a message such as: "PendingFileRenameOperations registry data has been removed by external process", you have to restart Windows manually.
* If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Next, please reboot your computer in SafeMode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Uninstall the following programs, if present, using Control Panel->Add/Remove Programs:
  • WildTangent
  • VBouncer / Virtual Bouncer
  • Clear Search
  • Search Upgrader
  • Power Scan
  • CMAPP
  • Altnet
  • Kazaa
  • Internet Washer Pro
  • WhistleSoftware

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Nailfix.exe.
Follow the instructions outlined by the setup installer.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Double click on LQFix.zip & Run LQFix.bat


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Click Start->Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - Windows Overlay Components
  2. Double-click on it to open the Properties dialog.
  3. Stop the service by using the Stop button.
  4. Change the Startup type to Disabled & then click on the OK button

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS

Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [exp.exe] C:\WINDOWS\system32\exp.exe
O4 - HKLM\..\Run: [System service63] C:\WINDOWS\etb\pokapoka63.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [cmekyya] C:\WINDOWS\cmekyya.EXE
O4 - HKLM\..\Run: [System service62] C:\WINDOWS\etb\pokapoka62.exe
O4 - HKLM\..\Run: [WT GameChannel] C:\Program Files\WildTangent\Apps\GameChannel.exe
O4 - HKLM\..\Run: [VBundleOuterDL] C:\Program Files\VBouncer\BundleOuter.EXE
O4 - HKLM\..\Run: [Syscpy] C:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [stcloader] C:\WINDOWS\System32\stcloader.exe
O4 - HKLM\..\Run: [SearchUpgrader] C:\Program Files\Common files\SearchUpgrader\SearchUpgrader.exe
O4 - HKLM\..\Run: [SAHAgent] C:\WINDOWS\System32\SahAgent.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [ClrSchLoader] C:\Program Files\ClearSearch\Loader.exe
O4 - HKLM\..\Run: [blakowlqcapsb] C:\WINDOWS\System32\ktvuog.exe
O4 - HKLM\..\Run: [Belt] C:\WINDOWS\Belt.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [absr] C:\WINDOWS\mwsvm.exe
O4 - HKLM\..\Run: [71636599.exe] C:\WINDOWS\System32\71636599.exe
O4 - HKLM\..\Run: [15746706.exe] C:\WINDOWS\System32\15746706.exe
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - HKCU\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Snapfish\SNAPFI~1\data\xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Internet Washer Pro] C:\PROGRA~1\INTERN~2\iw.exe min
O9 - Extra button: Whistle - {220E39C3-B081-4719-AB1A-9A884DCBD05C} - C:\Program Files\WhistleSoftware\WselServices\webband.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools>Folder Options> View tab.
  • Enable - Show hidden files and folder
  • Disable - Hide file extensions for known types
  • Disable - Hide protected operating system files
Click Yes to confirm & then click OK

Locate and delete the following folder(s), if present:
  • C:\Program Files\Internet Washer
  • C:\Program Files\Common Files\slmss\
  • C:\Program Files\WhistleSoftware\
  • C:\Program Files\CMAPP\
  • c:\program files\altnet\
  • C:\Program Files\ClearSearch\
  • C:\WINDOWS\System32\P2P Networking\
  • C:\Program Files\Power Scan\
  • C:\Program Files\Common files\SearchUpgrader
  • C:\Program Files\VBouncer\
  • C:\Program Files\WildTangent

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Ewido with its updated definitions: (...it's important that all windows must be closed)

1. Click Scanner
2. Click Complete System Scan to begin scanning.
3. Click OK when prompted to clean files
4. With the first file it prompts to clean, select the option: "Perform action on all infections"
5. Choose clean and click OK.
6. Once finished, click the Save report button
7. Save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Double-click WinPFind.zip & extract the contents to a new folder at Drive C.

1. From within that folder, double click WinPFind.exe
2. Click Start Scan
3. Once the Scan is complete, it will create a report in a text file
4. Go to the WinPFind folder & locate WinPFind.txt
5. Post the results in your next reply!

** This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


REBOOT TO NORMAL MODE

Perform an online scan with Internet Explorer with Panda ActiveScan - requires Internet Explorer
  1. Click on the Scan your PC button & a 'pop up' window shall appear. * ensure that your pop up blocker doesn't block it
  2. Click On 'Scan Now'
  3. Enter your e-mail address & click 'Scan Now' ...begins downloading Panda's ActiveX controls.- 8MB
  4. Begin the scan by selecting My Computer
    * You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on see report
  6. Then click Save report
  7. Post the contents of the report in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop - tmas-web-scan.exe
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.

= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Extract the contents of TrackQoo.zip & double-click on TrackQoo1.vbs. Wait a few seconds and a notepad page will pop up, Copy & Paste those results in your next reply.
* If your Antivirus has Script Blocking, you will get a Pop Up Window asking you what to do. Allow this Entire Script to Run, it's harmless!

In your next post, please include fresh logs from:
  • HiJackThis log
  • Online Scan
  • Ewido
  • WinPfind
  • TrackQoo1.vbs
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now

Last edited by sUBs : 08-19-2005 at 01:32 AM.
sUBs is offline  
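The reply above picks entries out of the HijackThis log by a few visible traits: a `Shell=` value that launches something besides Explorer.exe, a Run entry for an executable in system32 followed by a lone `r`, and services listed with "Unknown owner". The sketch below is an added example, not part of either post and not code from HijackThis or any of the tools named in the thread; it applies those three traits to log lines copied from the first post, and the names `classify`, `triage` and `Finding` are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    section: str  # HijackThis section code: F2, O4 or O23
    reason: str
    line: str


# F2: the Shell= value as HijackThis reports it
F2_RE = re.compile(r"^F2 - REG:system\.ini: Shell=(?P<shell>.+)$", re.I)
# O4: autostart entry under a Run key -> [value name] command line
O4_RE = re.compile(r"^O4 - HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
# O23: service -> display name - owner - image path
O23_RE = re.compile(r"^O23 - Service: .+? - (?P<owner>.+?) - [A-Za-z]:\\.+$")
# Trait from the reply: an .exe directly in system32 with a lone "r" argument
LONE_R_RE = re.compile(r'^"?[A-Za-z]:\\WINDOWS\\system32\\[^\\"]+\.exe"? r$', re.I)


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line shows one of the three traits, else None."""
    line = line.strip()
    m = F2_RE.match(line)
    if m:
        parts = m.group("shell").split(None, 1)
        if len(parts) > 1 or parts[0].lower() != "explorer.exe":
            return Finding("F2", "shell value launches more than Explorer.exe", line)
        return None
    m = O4_RE.match(line)
    if m:
        if LONE_R_RE.match(m.group("cmd")):
            return Finding("O4", "system32 executable started with a lone 'r'", line)
        return None
    m = O23_RE.match(line)
    if m and m.group("owner").lower() == "unknown owner":
        return Finding("O23", "service binary has no recorded owner", line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run classify() over every line of a pasted HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        hit = classify(raw)
        if hit is not None:
            findings.append(hit)
    return findings


# Sample lines copied from the HijackThis log in the first post of this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\lplsds.exe reg_run
O4 - HKLM\..\Run: [cbrcwrp] C:\WINDOWS\system32\ccyvkyd.exe r
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - c:\windows\SvcProc.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\wziznxp.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.line}")
```

These traits only produce leads for a human analyst: the `lplsds.exe reg_run` entry is on the reply's fix list yet matches none of the three checks, so an unflagged line is not thereby clean.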
Old 08-19-2005, 05:56 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2005
Posts: 10
OS: Win XP Pro


New Logs

It looks like it's working good. Here are the fresh logs.

TrackQoo:

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"MMTray"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mm_tray.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Opware12"="\"C:\\Program Files\\ScanSoft\\OmniPagePro12.0\\Opware12.exe\""
"nwiz"="nwiz.exe /install"
"mmtask"="C:\\Program Files\\MUSICMATCH\\MUSICMATCH Jukebox\\mmtask.exe"
"Mapi Dent"="C:\\PROGRA~1\\TheAxisSoftware\\Vc 64 Manager.exe"
"LMPDPSRV"="C:\\WINDOWS\\System32\\spool\\DRIVERS\\W32X86\\3\\LMPDPSRV.EXE"
"iTunesHelper"="C:\\Program Files\\iTunes\\iTunesHelper.exe"
"DVDSentry"="C:\\WINDOWS\\System32\\DSentry.exe"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"ccRegVfy"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccRegVfy.exe\""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"AdaptecDirectCD"="\"C:\\Program Files\\Roxio\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"winsync"="C:\\WINDOWS\\system32\\lplsds.exe reg_run"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

-----------------
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers


Subkey --- ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
C:\Program Files\ewido\security suite\context.dll

Subkey --- fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda}
C:\WINDOWS\system32\jajab.dll

Subkey --- Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03}
C:\WINDOWS\System32\cscui.dll

Subkey --- Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton AntiVirus\NavShExt.dll

Subkey --- WinZip
{E0D79304-84BE-11CE-9641-444553540000}
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

Subkey --- {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin
C:\WINDOWS\system32\SHELL32.dll

=====================

HKEY_CLASSES_ROOT\Folder\shellex\ColumnHandlers


Subkey --- {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F01-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {24F14F02-7B1C-11d1-838f-0000F80461CF}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {66742402-F9B9-11D1-A202-0000F81FEDEE}
C:\WINDOWS\system32\SHELL32.dll

Subkey --- {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

==============================
C:\Documents and Settings\All Users\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
==============================
C:\Documents and Settings\Steve\Start Menu\Programs\Startup

Adobe Reader Speed Launch.lnk
America Online 8.0 Tray Icon.lnk
DESKTOP.INI
Digital Line Detect.lnk
Forget Me Not.lnk
Lexmark X125 Settings Utility.lnk
Microsoft Office.lnk
MightyFAX Controller.lnk
Service Manager.lnk
WinZip Quick Pick.lnk
DESKTOP.INI
==============================
C:\WINDOWS\SYSTEM32 cpl files


access.cpl Microsoft Corporation
appwiz.cpl Microsoft Corporation
bdeadmin.cpl Inprise Corporation
bthprops.cpl Microsoft Corporation
conres.cpl
cpl_moh.cpl
CTDetect.cpl Creative Technology Ltd.
CTDevCtrl.cpl Creative Technology Ltd.
desk.cpl Microsoft Corporation
firewall.cpl Microsoft Corporation
hdwwiz.cpl Microsoft Corporation
inetcpl.cpl Microsoft Corporation
intl.cpl Microsoft Corporation
irprops.cpl Microsoft Corporation
joy.cpl Microsoft Corporation
MAIN.CPL Microsoft Corporation
mmsys.cpl Microsoft Corporation
NCPA.CPL Microsoft Corporation
netsetup.cpl Microsoft Corporation
nusrmgr.cpl Microsoft Corporation
nvtuicpl.cpl NVIDIA Corporation
NWC.CPL Microsoft Corporation
odbccp32.cpl Microsoft Corporation
plugincpl131_04.cpl Sun Microsystems
powercfg.cpl Microsoft Corporation
PROSetp.cpl Intel Corporation
QuickTime.cpl Apple Computer, Inc.
sysdm.cpl Microsoft Corporation
TELEPHON.CPL Microsoft Corporation
timedate.cpl Microsoft Corporation
wscui.cpl Microsoft Corporation
wuaucpl.cpl Microsoft Corporation


WinPFind:

WARNING: not all files found by this scanner are bad. Consult with a knowledgable person before proceeding.

If you see a message in the titlebar saying "Not responding..." you can ignore it. Windows somethimes displays this message due to the high volume of disk I/O. As long as the hard disk light is flashing, the program is still working properly.

»»»»»»»»»»»»»»»»» Windows OS and Versions »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180

»»»»»»»»»»»»»»»»» Checking Selected Standard Folders »»»»»»»»»»»»»»»»»»»»

Checking %SystemDrive% folder...

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\LPT$VPN.791
UPX! 8/18/2005 9:53:08 PM 170053 C:\WINDOWS\tsc.exe
PECompact2 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
qoologic 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
SAHAgent 8/18/2005 9:53:06 PM 15636721 C:\WINDOWS\VPTNFILE.791
UPX! 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll
aspack 8/18/2005 9:53:08 PM 1044560 C:\WINDOWS\vsapi32.dll

Checking %System% folder...
UPX! 7/9/2004 3:22:34 PM 143360 C:\WINDOWS\SYSTEM32\b1s.dlltmp
abetterinternet.com 12/19/2003 10:41:06 AM 131072 C:\WINDOWS\SYSTEM32\biR.exe
UPX! 12/21/2003 9:00:46 PM 224768 C:\WINDOWS\SYSTEM32\c17b6s.dll
UPX! 12/19/2003 10:41:06 AM 223232 C:\WINDOWS\SYSTEM32\c41bRs.dll
69.59.186.63 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
209.66.67.134 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.97 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
66.63.167.77 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
web-nex 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
winsync 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
rec2_run 8/18/2005 2:21:58 PM 30208 C:\WINDOWS\SYSTEM32\datadx.dll
PEC2 8/29/2002 4:00:00 AM 41397 C:\WINDOWS\SYSTEM32\DFRG.MSC
69.59.186.63 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
209.66.67.134 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
web-nex 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
winsync 8/19/2005 1:39:20 AM 10240 C:\WINDOWS\SYSTEM32\jajab.dll
PECompact2 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2005 6:31:38 PM 1449304 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
69.59.186.63 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
209.66.67.134 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
web-nex 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
winsync 8/19/2005 1:39:18 AM 46080 C:\WINDOWS\SYSTEM32\ssssgss.dll
UPX! 5/1/1997 6:00:00 AM 1292288 C:\WINDOWS\SYSTEM32\TV_ENG32.DLL
winsync 8/29/2002 4:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\WBDBASE.DEU

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 10:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\ETC\hosts


Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
S 8/19/2005 1:46:18 AM 2048 C:\WINDOWS\BOOTSTAT.DAT
H 6/29/2005 10:10:38 AM 0 C:\WINDOWS\INF\oem23.inf
S 7/8/2005 4:23:18 PM 12143 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB893756.cat
S 6/30/2005 934 AM 11437 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896423.cat
S 7/19/2005 7:18:10 PM 18913 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB896727.cat
S 6/30/2005 1:42:18 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899587.cat
S 6/30/2005 2:21:10 PM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899588.cat
S 6/30/2005 8:46:18 AM 11084 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB899591.cat
S 6/28/2005 7:12:56 PM 11845 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB901214.cat
S 7/2/2005 1:18:16 AM 9445 C:\WINDOWS\SYSTEM32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\KB903235.cat
H 8/19/2005 1:46:06 AM 8192 C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG
H 8/19/2005 2:44:08 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG
H 8/19/2005 1:46:20 AM 16384 C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG
H 8/19/2005 3:04:20 AM 274432 C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG
H 8/19/2005 2:13:54 AM 45056 C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG
H 8/11/2005 3:01:36 AM 1024 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\NTUSER.DAT.LOG
S 8/18/2005 2:10:54 PM 7652 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\Content\E891C648621A40AC7F773694A17FE76C
S 8/18/2005 2:10:54 PM 134 C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\CryptnetUrlCache\MetaData\E891C648621A40AC7F773694A17FE76C
H 8/19/2005 1:45:14 AM 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
11/11/1999 11:11:00 PM 183808 C:\WINDOWS\SYSTEM32\bdeadmin.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
8/18/2005 2:21:58 PM 31232 C:\WINDOWS\SYSTEM32\conres.cpl
5/24/2002 10:45:48 AM 24576 C:\WINDOWS\SYSTEM32\cpl_moh.cpl
Creative Technology Ltd. 3/30/2001 1:00:00 AM 230912 C:\WINDOWS\SYSTEM32\CTDetect.cpl
Creative Technology Ltd. 2/21/2002 212992 C:\WINDOWS\SYSTEM32\CTDevCtrl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 187904 C:\WINDOWS\SYSTEM32\MAIN.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 35840 C:\WINDOWS\SYSTEM32\NCPA.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
NVIDIA Corporation 10/6/2003 3:16:00 PM 73728 C:\WINDOWS\SYSTEM32\nvtuicpl.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 36864 C:\WINDOWS\SYSTEM32\NWC.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Sun Microsystems 5/17/2002 5:04:56 PM 45154 C:\WINDOWS\SYSTEM32\plugincpl131_04.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Intel Corporation 8/16/2002 2:52:12 PM 774144 C:\WINDOWS\SYSTEM32\PROSetp.cpl
Apple Computer, Inc. 12/14/2003 10:20:50 AM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 8/29/2002 4:00:00 AM 28160 C:\WINDOWS\SYSTEM32\TELEPHON.CPL
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\DLLCACHE\mmsys.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\DLLCACHE\wuaucpl.cpl

»»»»»»»»»»»»»»»»» Checking Selected Startup Folders »»»»»»»»»»»»»»»»»»»»»

Checking files in %ALLUSERSPROFILE%\Startup folder...
4/30/2005 12:37:16 PM 1757 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
6/5/2003 8:41:38 AM 831 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 8.0 Tray Icon.lnk
1/17/2003 11:50:28 AM 567 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
2/11/2004 9:23:00 PM 768 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Forget Me Not.lnk
4/30/2005 1:11:44 PM 1596 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lexmark X125 Settings Utility.lnk
4/13/2003 10:26:36 PM 1725 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
4/15/2003 11:51:34 AM 697 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MightyFAX Controller.lnk
8/19/2005 1:39:14 AM 92160 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\nani.exe
5/21/2003 9:54:40 AM 1852 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Service Manager.lnk
4/2/2005 9:08:06 PM 1518 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk

Checking files in %ALLUSERSPROFILE%\Application Data folder...

Checking files in %USERPROFILE%\Startup folder...

Checking files in %USERPROFILE%\Application Data folder...
4/29/2005 11:01:42 PM 877 C:\Documents and Settings\Steve\Application Data\AdobeDLM.log
4/29/2005 11:01:42 PM 0 C:\Documents and Settings\Steve\Application Data\dm.ini
8/1/2005 6:56:08 PM 268 C:\Documents and Settings\Steve\Application Data\LMCPaper.dat
8/1/2005 6:56:08 PM 3932 C:\Documents and Settings\Steve\Application Data\LMLayout.dat
5/23/2003 11:18:48 PM 784 C:\Documents and Settings\Steve\Application Data\mpauth.dat
8/18/2005 2:31:22 PM 48 C:\Documents and Settings\Steve\Application Data\Sskcwrd.dll
8/18/2005 2:12:58 PM 445107 C:\Documents and Settings\Steve\Application Data\Sskknwrd.dll

»»»»»»»»»»»»»»»»» Checking Selected Registry Keys »»»»»»»»»»»»»»»»»»»»»»»

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
=
SV1 =
acc=ventura5 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\fyfxqxxk
{bbeb6c29-ed19-4527-b129-b3533cae8eda} = C:\WINDOWS\system32\jajab.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\ewido
{57BD36D7-CE32-4600-9B1C-1A0C47EFC02E} = C:\Program Files\ewido\security suite\context.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinZip
{E0D79304-84BE-11CE-9641-444553540000} = C:\PROGRA~1\WINZIP\WZSHLSTB.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{F9DB5320-233E-11D1-9F84-707F02C10627}
= C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
ButtonText = Messenger :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}
ButtonText = PartyPoker.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}
Search Band = %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C7A2084B-969C-439A-96E8-176BF9A93879}
WSEL Services = C:\Program Files\WhistleSoftware\WselServices\webband.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E62-B078-11D0-89E4-00C04FC9E26E}
History Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}
&Research = C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{2318C2B1-4965-11D4-9B18-009027A5CD4F} = :
{B63D81CF-90DC-4D13-8782-9524A2752039} = The Fantasy Football Toolbar : C:\Program Files\The Fantasy Football Toolbar\DD8A85EA.dll
{4E7BD74F-2B8D-469E-8DBC-A42EB79CB428} = COMMUNICATOR : C:\WINDOWS\SYSTEM32\communicator.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
NvCplDaemon RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
MMTray C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
Symantec NetDriver Monitor C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
UpdReg C:\WINDOWS\UpdReg.EXE
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Opware12 "C:\Program Files\ScanSoft\OmniPagePro12.0\Opware12.exe"
nwiz nwiz.exe /install
mmtask C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
Mapi Dent C:\PROGRA~1\TheAxisSoftware\Vc 64 Manager.exe
LMPDPSRV C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LMPDPSRV.EXE
iTunesHelper C:\Program Files\iTunes\iTunesHelper.exe
DVDSentry C:\WINDOWS\System32\DSentry.exe
diagent "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
ccRegVfy "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
AdaptecDirectCD "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
MSConfig C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Yahoo! Pager "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Desktop Weather 3 C:\PROGRA~1\THEWEA~1\THEWEA~1.EXE
DellSupport "C:\Program Files\Dell Support\DSAgnt.exe" /startup

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer

NoDriveTypeAutoRun _

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
PostBootReminder {7849596a-48ea-486e-8937-a2a3009f31a9} = %SystemRoot%\system32\SHELL32.dll
CDBurn {fbeb8a05-beee-4442-804e-409d6c4515e9} = %SystemRoot%\system32\SHELL32.dll
WebCheck {E6FB5E20-DE35-11CF-9C87-00AA005127ED} = %SystemRoot%\System32\webcheck.dll
SysTray {35CEC8A3-2BE6-11D2-8773-92E220524153} = C:\WINDOWS\System32\stobject.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,
Shell = explorer.exe
System =

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain
= crypt32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet
= cryptnet.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll
= cscdll.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy
= sclgntfy.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn
= WlNotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv
= wlnotify.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon
= wlnotify.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\Your Image File Name Here without a path
Debugger = ntsd -d

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLs


»»»»»»»»»»»»»»»»»»»»»»»» Scan Complete »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
WinPFind v1.3.0 - Log file written to "WinPFind.Txt" in the WinPFind folder.
Scan completed on 8/19/2005 3:56:25 AM



Antispyware Log:

Started Scanning
Internet Cookies
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'SOFTWARE\TrayNotifier'
Found '' in 'SOFTWARE\Internet Washer'
Found '' in 'software\classes\ImcWselParser.WselParser'
Found '' in 'software\classes\ImcWselParser.WselParser.1'
Found '' in 'software\classes\ImcWselParser.WselParser.1\CLSID'
Found '' in 'software\classes\ImcWselParser.WselParser\CLSID'
Found '' in 'software\classes\ImcWselParser.WselParser\CurVer'
Found '' in 'software\classes\WselServices.WselLogServices.1'
Found '' in 'software\classes\WselServices.WselLogServices.1\CLSID'
Found '' in 'software\classes\WselServices.WselNetworkServices'
Found '' in 'software\classes\WselServices.WselNetworkServices.1'
Found '' in 'software\classes\WselServices.WselNetworkServices.1\CLSID'
Found '' in 'software\classes\WselServices.WselNetworkServices\CLSID'
Found '' in 'software\classes\WselServices.WselNetworkServices\CurVer'
Found '' in 'software\classes\WselServices.WselXmlServices.1'
Found '' in 'software\classes\WselServices.WselXmlServices.1\CLSID'
Found '' in 'SOFTWARE\Classes\ImcWselParser.WselParser'
Found '' in 'SOFTWARE\Classes\ImcWselParser.WselParser.1'
Found '' in 'SOFTWARE\Classes\ImcWselParser.WselParser.1\CLSID'
Found '' in 'SOFTWARE\Classes\ImcWselParser.WselParser\CLSID'
Found '' in 'SOFTWARE\Classes\ImcWselParser.WselParser\CurVer'
Found '' in 'SOFTWARE\Classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}'
Found '' in 'SOFTWARE\Classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{0CC38E71-6AD3-450C-8C71-50728A640B43}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}'
Found '' in 'SOFTWARE\Classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{0FBD6033-24C5-45D2-A1E5-38C46ED3B135}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}'
Found '' in 'SOFTWARE\Classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{322400D5-8FB0-45BA-8F09-0E837D57493B}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}'
Found '' in 'SOFTWARE\Classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{54A770F4-D5F3-42AE-9FD5-390A6A4D85E7}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}'
Found '' in 'SOFTWARE\Classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{7EA005FE-90DA-4BC7-955B-9FACE4A2069C}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}'
Found '' in 'SOFTWARE\Classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{80E6EE09-3DB1-4627-A7C9-DAD7CFBDF05F}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}'
Found '' in 'SOFTWARE\Classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{8179B6D6-513D-45DC-B910-AA329A524142}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}'
Found '' in 'SOFTWARE\Classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{8D9BFFC9-E027-4EA3-8AE9-8DBEFED2FB93}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}'
Found '' in 'SOFTWARE\Classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{8DA46338-BA81-4065-B7B9-36450E42B017}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}'
Found '' in 'SOFTWARE\Classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{92A17F40-E69B-44FA-9B8A-AAF7DBE413AF}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}'
Found '' in 'SOFTWARE\Classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{930CB039-564E-4C04-B6A8-8B31BFB28347}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}'
Found '' in 'SOFTWARE\Classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{99258154-5666-4561-AD45-C76AE7077B70}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}'
Found '' in 'SOFTWARE\Classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{AA5955F9-B090-4D3B-AD7F-C9B46509BB87}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}'
Found '' in 'SOFTWARE\Classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{BB46AC71-9F97-4518-B0D0-F3008B65CF88}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}'
Found '' in 'SOFTWARE\Classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{D5E6A641-453E-4650-A49A-FA912A870827}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}'
Found '' in 'SOFTWARE\Classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{F75448F7-4F62-45FA-9BC1-4250BB4D87C9}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}'
Found '' in 'SOFTWARE\Classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{FDC2FA83-0E09-427A-A4E6-04FB98667C32}\TypeLib'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{568F3BA7-B0E2-4A83-B8B6-319631C4622C}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{93CF2521-DF05-41F4-B803-5EB17C4BB424}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\WselServices.WselLogServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselLogServices.1\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices.1\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices\CLSID'
Found '' in 'SOFTWARE\Classes\WselServices.WselNetworkServices\CurVer'
Found '' in 'SOFTWARE\Classes\WselServices.WselXmlServices.1'
Found '' in 'SOFTWARE\Classes\WselServices.WselXmlServices.1\CLSID'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StatBlaster'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\Vendor\xml'
Found '' in 'SOFTWARE\Classes\Remove'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Found '' in 'WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj.1'
Found '' in 'WhistleHlprObj.WhistleHlprObj'
Found '' in 'SOFTWARE\Classes\WhistleHlprObj.WhistleHlprObj'
Found '' in 'Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\Interface\{FE2C03F1-EB17-4017-9C22-99C65870B9EC}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{B8848F69-E8E2-4952-90F2-BC4EF0C22243}\2.0\HELPDIR'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Found 'data.bin' in 'C:\Program Files\Aprps'
Found 'wsuin.bat' in 'C:\Program Files\Common Files\System'
Found '' in 'C:\Program Files\Kazaa'
Found '' in 'C:\Program Files\Kazaa\BGP2P'
Found '' in 'C:\Program Files\Kazaa\Db'
Found '' in 'C:\Program Files\Kazaa\My Shared Folder'
Found '' in 'C:\Program Files\Lycos'
Found '' in 'C:\Program Files\Lycos\Sidesearch'
Found '' in 'C:\Program Files\Media Access'
Found '' in 'C:\Program Files\MyWay'
Found 'client.exe' in 'C:\Program Files\ParadisePoker'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'FT1_02_0_402_GEPFAH.EXE' in 'C:\WINDOWS'
Found 'Belt.inf' in 'C:\WINDOWS\INF'
Found 'biini.inf' in 'C:\WINDOWS\INF'
Found 'back.gif' in 'C:\WINDOWS\SYSTEM32'
Found 'creditcard32123123123asdsa123.ico' in 'C:\WINDOWS\SYSTEM32'
Found 'MSrev21.dll' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\Aprps\data.bin' in shortcut areas.
Checking for 'C:\Program Files\Aprps\data.bin' in startup areas.
Cleaning 'C:\Program Files\Aprps\data.bin'
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in shortcut areas.
Checking for 'C:\Program Files\Common Files\System\wsuin.bat' in startup areas.
Cleaning 'C:\Program Files\Common Files\System\wsuin.bat'
Checking for 'C:\Program Files\Kazaa' in shortcut areas.
Checking for 'C:\Program Files\Kazaa' in startup areas.
Cleaning 'C:\Program Files\Kazaa'
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P\versions.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P\versions.dat'
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\ctx4-040924.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\ctx4-040924.cab'
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data1024.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data1024.dbb'
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\data256.dbb' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\data256.dbb'
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\k7tqkgkk_tssv125.dat'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928a.cab'
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tsi4-040928f.cab'
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db\tss4.cab' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db\tss4.cab'
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder\kazaa272_en.exe'
Checking for 'C:\Program Files\Kazaa\BGP2P' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\BGP2P' in startup areas.
Cleaning 'C:\Program Files\Kazaa\BGP2P'
[SCANMODS] The file 'C:\Program Files\Kazaa\BGP2P' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\Db' in shortcut areas.
Checking for 'C:\Program Files\Kazaa\Db' in startup areas.
Cleaning 'C:\Program Files\Kazaa\Db'
[SCANMODS] The file 'C:\Program Files\Kazaa\Db' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in shortcut areas.
Found 'My Shared Folder.url' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\Kazaa\My Shared Folder' in startup areas.
Cleaning 'C:\Program Files\Kazaa\My Shared Folder'
[SCANMODS] The file 'C:\Program Files\Kazaa\My Shared Folder' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Lycos' in shortcut areas.
Checking for 'C:\Program Files\Lycos' in startup areas.
Cleaning 'C:\Program Files\Lycos'
Checking for 'C:\Program Files\Lycos\Sidesearch' in shortcut areas.
Checking for 'C:\Program Files\Lycos\Sidesearch' in startup areas.
Cleaning 'C:\Program Files\Lycos\Sidesearch'
[SCANMODS] The file 'C:\Program Files\Lycos\Sidesearch' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\Media Access' in shortcut areas.
Checking for 'C:\Program Files\Media Access' in startup areas.
Cleaning 'C:\Program Files\Media Access'
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in shortcut areas.
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\Paradise Poker\'
Found 'Paradise Poker.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
Checking for 'C:\Program Files\ParadisePoker\client.exe' in startup areas.
Cleaning 'C:\Program Files\ParadisePoker\client.exe'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\'
[SCANMODS] The file 'C:\Documents and Settings\Steve\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\Steve\Desktop\Unused Desktop Shortcuts\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in shortcut areas.
Checking for 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE' in startup areas.
Cleaning 'C:\WINDOWS\FT1_02_0_402_GEPFAH.EXE'
Checking for 'C:\WINDOWS\INF\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\Belt.inf'
Checking for 'C:\WINDOWS\INF\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\biini.inf'
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\back.gif' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\back.gif'
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\creditcard32123123123asdsa123.ico'
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\MSrev21.dll' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\MSrev21.dll'
Finished Cleaning


Ewido:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:38:47 AM, 8/19/2005
+ Report-Checksum: CDEFAE02

+ Scan result:

C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077460.exe -> Spyware.Delfin : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077461.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077462.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077463.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077464.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077465.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077466.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP997\A0077467.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4