
Downloader Virus


  • This topic is locked
6 replies to this topic

#1 jimmy paull


Posted 31 July 2006 - 03:11 PM

comidq.dll is infected according to Norton... who knows what else you might find in this log.
Logfile of HijackThis v1.99.1
Scan saved at 1:12:19 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\James P. Durbin\Local Settings\Temporary Internet Files\Content.IE5\0B53MER1\stng260[1].exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\James P. Durbin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581e0751-b4c3-49af-93b1-6afc5aa15946} - C:\WINDOWS\system32\comidq.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136437367390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {96AD66E6-8375-4864-8F4D-0F15023C2AF6} (CWUInstall Object) - http://www.wunderground.com/windowsinstall/weather.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: comidq - C:\WINDOWS\SYSTEM32\comidq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



#2 -David-


Posted 31 July 2006 - 04:36 PM

Hello there, welcome to Bleeping Computer.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Put a check next to "Run VundoFix as a task".
You will receive a message saying VundoFix will close and re-open in a minute or less - click OK.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once the scan is complete, right-click inside the listbox (white box) and click "add more files".
Copy and paste the 2 entries below into the top 2 boxes (no arrows):

--> C:\WINDOWS\SYSTEM32\comidq.dll
--> C:\WINDOWS\system32\qdimoc.*

Click "Add Files" and click "Close Window".
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo - this is normal.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.

David

#3 jimmy paull


Posted 31 July 2006 - 05:18 PM

ok... done

Logfile of HijackThis v1.99.1
Scan saved at 3:17:38 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\James P. Durbin\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshiba.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581e0751-b4c3-49af-93b1-6afc5aa15946} - C:\WINDOWS\system32\comidq.dll (file missing)
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &iSearch The Web - res://C:\WINDOWS\System32\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst_current.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqcpc/downloads/sysinfo.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1136437367390
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - http://ipgweb.cce.hp.com/rdqcpc/downloads/msxml4.cab
O16 - DPF: {96AD66E6-8375-4864-8F4D-0F15023C2AF6} (CWUInstall Object) - http://www.wunderground.com/windowsinstall/weather.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.stopzilla.com/_download/Auto_Installer/dwnldr.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Scan started at 2:54:06 PM 7/31/2006

Listing files found while scanning....


VundoFix V5.1.6

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Scan started at 2:57:11 PM 7/31/2006

Listing files found while scanning....


Beginning removal...

The process smss.exe was successfully stopped

The process winlogon.exe was successfully stopped

The process explorer.exe was successfully stopped

The process iexplore.exe was successfully stopped

The process rundll32.exe was successfully stopped

Attempting to delete C:\WINDOWS\SYSTEM32\comidq.dll
C:\WINDOWS\SYSTEM32\comidq.dll Has been deleted!

Performing Repairs to the registry.
Done!

#4 -David-


Posted 31 July 2006 - 05:20 PM

Hello there, welcome to Bleeping Computer.

It is a good idea to print off these instructions:
This will be useful as there is a possibility some of the instructions will need to be carried out where internet access is not available.
You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.
A printout of the instructions would be a good reference to make sure you don't get lost.
Also, it is important that you complete the instructions in the right order, and also that you don't miss any steps out!
If you have any queries about the process or just general questions, just ask.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: (no name) - {581e0751-b4c3-49af-93b1-6afc5aa15946} - C:\WINDOWS\system32\comidq.dll (file missing)

* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Download WinPFind.
Extract WinPFind.zip to your c:\ folder.
Reboot into Safe Mode (without networking support!)
To get into Safe Mode, press and hold your "F8" key as the computer is booting.
Use your arrow keys to move to "Safe Mode" and press your Enter key.
Then open c:\WinPFind and double-click on WinPFind.exe.
When the program is open, click on the Start Scan button to start scanning your computer.
Be patient as this scan may take a while.
When it is done, it will show a log and tell you the scan is completed.
Reboot your computer back to normal mode and post the contents of the log as a reply to this topic.

Malware like this normally never comes alone and there are probably infected files left on your computer.
Please visit Panda Online to carry out a virus scan.
Once you are on the Panda site click the Scan your PC button.
A new window will open...click the Check Now button.
Enter your personal details.
Click the big Scan Now button.
It will ask to install various content - please allow this.
It will start downloading the files it requires for the scan, which may take a while.
When download is complete, click on Local Disks to start the scan.
When the scan completes, click the See Report button.
Click Save Report and save the file to your desktop.
Post the contents of the report in your next reply, along with a new Hijackthis log.

David
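
Added example (not part of the original thread, and not code from HijackThis or VundoFix): Python that reads excerpts of the two HijackThis logs above, finds the DLL registered as both an O2 BHO and an O20 Winlogon Notify entry, builds the reversed-name wildcard seen in the VundoFix step, and lists the registration still pointing at the deleted file. The function names are hypothetical, and the reversed-name rule is an assumption inferred from the comidq.dll / qdimoc.* pair in post #2.

```python
import ntpath
import re
from collections import defaultdict

# Lines excerpted from the first HijackThis log in this thread (before VundoFix).
BEFORE = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581e0751-b4c3-49af-93b1-6afc5aa15946} - C:\WINDOWS\system32\comidq.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: comidq - C:\WINDOWS\SYSTEM32\comidq.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Lines excerpted from the second log (after VundoFix deleted the DLL).
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {581e0751-b4c3-49af-93b1-6afc5aa15946} - C:\WINDOWS\system32\comidq.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# "O2 - BHO: <rest>" / "O20 - Winlogon Notify: <rest>"; the path is the last " - " field.
ENTRY = re.compile(r"^(O\d+) - ([^:]+): (.+)$")
MISSING = "(file missing)"


def parse(log):
    """Turn O-section lines into dicts; other lines (R1, process list) are skipped."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        code, kind, rest = m.groups()
        missing = rest.endswith(MISSING)
        if missing:
            rest = rest[: -len(MISSING)].rstrip()
        path = rest.rsplit(" - ", 1)[-1].strip().strip('"')
        entries.append({
            "code": code,
            "kind": kind,
            "path": path.lower(),      # Windows paths compare case-insensitively
            "missing": missing,
            "raw": line.strip(),
        })
    return entries


def co_registered(entries):
    """Paths loaded both into the browser (O2) and into winlogon (O20).

    A triage lead for a human reviewer, not a verdict on the file.
    """
    sections = defaultdict(set)
    for e in entries:
        sections[e["path"]].add(e["code"])
    return sorted(p for p, codes in sections.items() if {"O2", "O20"} <= codes)


def reversed_companion(path):
    """Wildcard for files in the same folder whose base name is the DLL's reversed
    (assumption taken from the comidq.dll / qdimoc.* pair in the thread)."""
    folder, name = ntpath.split(path)
    stem, _ext = ntpath.splitext(name)
    return ntpath.join(folder, stem[::-1] + ".*")


def leftover_registrations(before, after):
    """Entries in the later log that still reference a path flagged in the earlier one."""
    flagged = set(co_registered(before))
    return [e for e in after if e["path"] in flagged]


if __name__ == "__main__":
    before, after = parse(BEFORE), parse(AFTER)
    for path in co_registered(before):
        print("review:", path, "and", reversed_companion(path))
    for e in leftover_registrations(before, after):
        state = "orphaned registration" if e["missing"] else "file still present"
        print(state + ":", e["raw"])
```
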

#5 jimmy paull


Posted 31 July 2006 - 08:54 PM

Windows OS and Versions
Product Name: Microsoft Windows XP Current Build: Service Pack 2 Current Build Number: 2600
Internet Explorer Version: 6.0.2900.2180
Checking Selected Standard Folders

Checking %SystemDrive% folder...
PEC2 7/13/2005 10:41:24 PM 1037996 C:\crash.txt
qoologic 7/31/2006 5:11:32 PM 204131 C:\WinPFind.zip

Checking %ProgramFilesDir% folder...

Checking %WinDir% folder...
aspack 3/9/2004 3:01:02 AM 410640 C:\WINDOWS\eFaxview.exe

Checking %System% folder...
PEC2 3/31/2003 5:00:00 AM 41397 C:\WINDOWS\SYSTEM32\dfrg.msc
PEC2 6/1/2006 3:06:58 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll
PECompact2 6/1/2006 3:06:58 PM 619156 C:\WINDOWS\SYSTEM32\DivX.dll
UPX! 2/18/2006 10:23:16 AM 24064 C:\WINDOWS\SYSTEM32\ExtractMux.exe
UPX! 5/20/2004 9:35:46 AM 72704 C:\WINDOWS\SYSTEM32\in10b6.dlltmp
aspack 3/9/2004 3:01:02 AM 766464 C:\WINDOWS\SYSTEM32\jsdvwsdk.dll
PTech 6/19/2006 4:19:42 PM 571184 C:\WINDOWS\SYSTEM32\LegitCheckControl.dll
aspack 11/14/2004 4:55:04 PM 194560 C:\WINDOWS\SYSTEM32\main.scr
aspack 7/6/2006 6:21:46 PM 6757792 C:\WINDOWS\SYSTEM32\MRT.exe
aspack 8/4/2004 12:56:36 AM 708096 C:\WINDOWS\SYSTEM32\ntdll.dll
Umonitor 8/4/2004 12:56:44 AM 657920 C:\WINDOWS\SYSTEM32\rasdlg.dll
UPX! 5/3/2004 9:58:50 AM 22782 C:\WINDOWS\SYSTEM32\UninstXviDDec.exe
winsync 3/31/2003 5:00:00 AM 1309184 C:\WINDOWS\SYSTEM32\wbdbase.deu
PTech 6/19/2006 4:19:26 PM 304944 C:\WINDOWS\SYSTEM32\WgaTray.exe
UPX! 2/18/2006 10:22:54 AM 22528 C:\WINDOWS\SYSTEM32\ympgacm.acm
UPX! 2/18/2006 10:23:10 AM 139776 C:\WINDOWS\SYSTEM32\ympgcdc.cfg
UPX! 2/18/2006 10:22:58 AM 22016 C:\WINDOWS\SYSTEM32\ympgcdc.dll

Checking %System%\Drivers folder and sub-folders...
PTech 8/3/2004 11:41:38 PM 1309184 C:\WINDOWS\SYSTEM32\drivers\mtlstrm.sys

Items found in C:\WINDOWS\SYSTEM32\drivers\etc\hosts

Checking the Windows folder and sub-folders for system and hidden files within the last 60 days...
7/31/2006 3:09:26 PM S 2048 C:\WINDOWS\bootstat.dat
7/31/2006 2:47:16 PM H 54156 C:\WINDOWS\QTFont.qfn
7/31/2006 3:09:44 PM H 48882 C:\WINDOWS\system32\vsconfig.xml
7/31/2006 11:29:30 AM H 4212 C:\WINDOWS\system32\zllictbl.dat
6/19/2006 4:20:58 PM S 7160 C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WgaNotify.cat
7/31/2006 3:20:02 PM H 1024 C:\WINDOWS\system32\config\default.LOG
7/31/2006 3:16:30 PM H 1024 C:\WINDOWS\system32\config\SAM.LOG
7/31/2006 3:17:08 PM H 1024 C:\WINDOWS\system32\config\SECURITY.LOG
7/31/2006 5:18:24 PM H 1024 C:\WINDOWS\system32\config\software.LOG
7/31/2006 5:20:58 PM H 1024 C:\WINDOWS\system32\config\system.LOG
7/13/2006 3:00:58 AM H 1024 C:\WINDOWS\system32\config\systemprofile\NTUSER.DAT.LOG
7/2/2006 6:47:22 PM HS 388 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\17da70fe-6211-4e9c-be51-65299350a6c8
7/2/2006 6:47:22 PM HS 24 C:\WINDOWS\system32\Microsoft\Protect\S-1-5-18\User\Preferred
7/31/2006 3:09:34 PM H 6 C:\WINDOWS\Tasks\SA.DAT

Checking for CPL files...
8/19/2003 12:20:04 AM 180224 C:\WINDOWS\SYSTEM32\ac3filter.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\access.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 549888 C:\WINDOWS\SYSTEM32\appwiz.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 110592 C:\WINDOWS\SYSTEM32\bthprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 135168 C:\WINDOWS\SYSTEM32\desk.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 80384 C:\WINDOWS\SYSTEM32\firewall.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 155136 C:\WINDOWS\SYSTEM32\hdwwiz.cpl
TOSHIBA Corp. 10/31/2003 12:28:06 PM 520192 C:\WINDOWS\SYSTEM32\HWSETUP.CPL
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\igfxcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 358400 C:\WINDOWS\SYSTEM32\inetcpl.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 129536 C:\WINDOWS\SYSTEM32\intl.cpl
Microsoft Corporation 8/4/2004 1:56:58 AM 380416 C:\WINDOWS\SYSTEM32\irprops.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 68608 C:\WINDOWS\SYSTEM32\joy.cpl
Sun Microsystems, Inc. 12/6/2004 10:31:48 PM 49265 C:\WINDOWS\SYSTEM32\jpicpl32.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 187904 C:\WINDOWS\SYSTEM32\main.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 618496 C:\WINDOWS\SYSTEM32\mmsys.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 35840 C:\WINDOWS\SYSTEM32\ncpa.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 25600 C:\WINDOWS\SYSTEM32\netsetup.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 257024 C:\WINDOWS\SYSTEM32\nusrmgr.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 32768 C:\WINDOWS\SYSTEM32\odbccp32.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 114688 C:\WINDOWS\SYSTEM32\powercfg.cpl
Apple Computer, Inc. 9/23/2004 7:57:40 PM 323072 C:\WINDOWS\SYSTEM32\QuickTime.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 298496 C:\WINDOWS\SYSTEM32\sysdm.cpl
Microsoft Corporation 3/31/2003 5:00:00 AM 28160 C:\WINDOWS\SYSTEM32\telephon.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 94208 C:\WINDOWS\SYSTEM32\timedate.cpl
9/5/2003 2:36:40 PM 495616 C:\WINDOWS\SYSTEM32\TOSCDSPD.cpl
TOSHIBA Corporation 11/19/2003 10:16:36 PM 1257472 C:\WINDOWS\SYSTEM32\TPwrSave.cpl
Microsoft Corporation 8/4/2004 12:56:58 AM 148480 C:\WINDOWS\SYSTEM32\wscui.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\wuaucpl.cpl
Microsoft Corporation 5/26/2005 4:16:30 AM 174360 C:\WINDOWS\SYSTEM32\dllcache\wuaucpl.cpl
Intel Corporation 4/7/2003 1:14:30 AM 94208 C:\WINDOWS\SYSTEM32\ReinstallBackups\0013\DriverFiles\igfxcpl.cpl

Checking Selected Startup Folders

Checking files in %ALLUSERSPROFILE%\Startup folder...
11/20/2003 4:46:40 PM HS 84 C:\Documents and Settings\All Users\Start Menu\Programs\Startup\desktop.ini

Checking files in %ALLUSERSPROFILE%\Application Data folder...
11/20/2003 8:37:56 AM HS 62 C:\Documents and Settings\All Users\Application Data\desktop.ini

Checking files in %USERPROFILE%\Startup folder...
11/20/2003 4:46:40 PM HS 84 C:\Documents and Settings\James P. Durbin\Start Menu\Programs\Startup\desktop.ini

Checking files in %USERPROFILE%\Application Data folder...
10/2/2005 6:26:06 PM 25036 C:\Documents and Settings\James P. Durbin\Application Data\Comma Separated Values (Windows).ADR
11/20/2003 8:37:56 AM HS 62 C:\Documents and Settings\James P. Durbin\Application Data\desktop.ini

Checking Selected Registry Keys

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
SV1 =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]

[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers]
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\HotShellExt
{02040CD1-EF11-11D5-BC3F-0003473F5BF0} = C:\Program Files\eFax Messenger Plus\hotshell.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With
{09799AFB-AD67-11d1-ABCD-00C04FC30936} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Open With EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\Yahoo! Mail
{5464D816-CF16-4784-B9F3-75C0DB52B499} = C:\PROGRA~1\Yahoo!\Common\ymmapi20041123.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{8C504614-A455-4CBA-81B4-D279644B8A7D}
= tfaxext.dll
HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Start Menu Pin = %SystemRoot%\system32\SHELL32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\PhotagSearch
{181ED3BC-91D2-4424-B8E1-922B8F55BF56} = C:\Program Files\PhoTags Express\PWSSearchHandler.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\Symantec.Norton.Antivirus.IEContextMenu
{5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2} = C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\EncryptionMenu
{A470F8CF-A1E8-4f65-8335-227475AA5C46} = %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Offline Files
{750fdf0e-2a26-11d1-a3ea-080036587f03} = %SystemRoot%\System32\cscui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\Sharing
{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6} = ntshrui.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\WinRAR
{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers]
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{0D2E74C4-3C34-11d2-A27E-00C04FC30871}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F01-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{24F14F02-7B1C-11d1-838f-0000F80461CF}
= %SystemRoot%\system32\SHELL32.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{66742402-F9B9-11D1-A202-0000F81FEDEE}
= %SystemRoot%\system32\SHELL32.dll

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
AcroIEHlprObj Class = C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{243B17DE-77C7-46BF-B94B-0B5F309A0E64}
= C:\Program Files\Microsoft Money\System\mnyside.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}
= C:\PROGRA~1\SPYBOT~1\SDHelper.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
UberButton Class = C:\Program Files\Yahoo!\Common\yiesrvc.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65D886A2-7CA7-479B-BB95-14D1EFB7946A}
YahooTaggedBM Class = C:\Program Files\Yahoo!\Common\YIeTagBm.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9394EDE7-C8B5-483E-8773-474BF36AF6E4}
ST = C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
MSNToolBandBHO = C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}
CNavExtBho Class = C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{4D5C8C25-D075-11d0-B416-00C04FB90376}
&Tip of the Day = %SystemRoot%\System32\shdocvw.dll
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\{FE54FA40-D68C-11d2-98FA-00C0F0318AFE}
Real.com = C:\WINDOWS\System32\Shdocvw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}
MenuText = Sun Java Console :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897}
ButtonText = Yahoo! Services :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{85d1f590-48f4-11d9-9669-0800200c9a66}
MenuText = Uninstall BitDefender Online Scanner v8 :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}
ButtonText = Research :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
ButtonText = Real.com :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E023F504-0C5A-4750-A1E7-A9046DEA8A21}
ButtonText = MoneySide :
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}
ButtonText = Messenger : C:\Program Files\Messenger\msmsgs.exe

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{32683183-48a0-441b-a342-7c2a440a9478}
=
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{4528BBE0-4E08-11D5-AD55-00010333D0AD}
&Yahoo! Messenger = C:\PROGRA~1\Yahoo!\Common\yhexbmesus.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{C4EE31F3-4768-11D2-BE5C-00A0C9A83DA1}
File Search Explorer Band = %SystemRoot%\system32\SHELL32.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E61-B078-11D0-89E4-00C04FC9E26E}
Favorites Band = %SystemRoot%\System32\shdocvw.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Explorer Bars\{EFA24E64-B078-11D0-89E4-00C04FC9E26E}
Explorer Band = %SystemRoot%\System32\shdocvw.dll

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar]
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser
{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} = Norton AntiVirus : C:\Program Files\Norton AntiVirus\NavShExt.dll
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser
{01E04581-4EEE-11D0-BFE9-00AA005B4383} = &Address : %SystemRoot%\System32\browseui.dll
{0E5CBF21-D15F-11D0-8301-00AA005B4383} = &Links : %SystemRoot%\system32\SHELL32.dll
{1C78AB3F-A857-482E-80C0-3A1E5238A565} = :
{EF99BD32-C1FB-11D2-892F-0090271D4F88} = Yahoo! Toolbar : C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} = MSN : C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Zone Labs Client "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]
IMAIL Installed = 1
MAPI Installed = 1
MSFS Installed = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
ctfmon.exe C:\WINDOWS\system32\ctfmon.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\load]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandFrom

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\ExpandTo
0 C:\


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services
AOL ACS 2


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^eFax Tray Menu.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup C:\WINDOWS\pss\eFax Tray Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1\HotTray.exe
item eFax Tray Menu
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\eFax Tray Menu.lnk
backup C:\WINDOWS\pss\eFax Tray Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1\HotTray.exe
item eFax Tray Menu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hp psc 2000 Series.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hp psc 2000 Series.lnk
backup C:\WINDOWS\pss\hp psc 2000 Series.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hpobnz08.exe
item hp psc 2000 Series

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Live Menu.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup C:\WINDOWS\pss\Live Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1\Dllcmd32.exe /R /K C:\PROGRA~1\EFAXME~1\HsPfcW32.dll,JSPFCWSetHooking,1,0,0,0
item Live Menu
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Live Menu.lnk
backup C:\WINDOWS\pss\Live Menu.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\EFAXME~1\Dllcmd32.exe /R /K C:\PROGRA~1\EFAXME~1\HsPfcW32.dll,JSPFCWSetHooking,1,0,0,0
item Live Menu

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office OneNote 2003 Quick Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE /tsr
item Microsoft Office OneNote 2003 Quick Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office OneNote 2003 Quick Launch.lnk
backup C:\WINDOWS\pss\Microsoft Office OneNote 2003 Quick Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\OFFICE11\ONENOTEM.EXE /tsr
item Microsoft Office OneNote 2003 Quick Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
item Microsoft Office
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\MICROS~2\Office\OSA9.EXE -b -l
item Microsoft Office

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MiniEYE-MiniREAD Launch.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MiniEYE-MiniREAD Launch.lnk
backup C:\WINDOWS\pss\MiniEYE-MiniREAD Launch.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\INFINI~1\eyeQ\ARLaunch.exe
item MiniEYE-MiniREAD Launch

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^officejet 6100.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\officejet 6100.lnk
backup C:\WINDOWS\pss\officejet 6100.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\HEWLET~1\DIGITA~1\bin\hposol08.exe
item officejet 6100

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Photags AutoDetect.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\PHOTAG~1\PHOTAG~1.EXE -startup
item Photags AutoDetect
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Photags AutoDetect.lnk
backup C:\WINDOWS\pss\Photags AutoDetect.lnkCommon Startup
location Common Startup
command C:\PROGRA~1\PHOTAG~1\PHOTAG~1.EXE -startup
item Photags AutoDetect

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
location Common Startup
command C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
item Symantec Fax Starter Edition Port
path C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup C:\WINDOWS\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
location Common Startup
command C:\Program Files\Microsoft Office\Office\1033\OLFSNT40.EXE
item Symantec Fax Starter Edition Port

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^James P. Durbin^Start Menu^Programs^Startup^BitTorrent.lnk
path C:\Documents and Settings\James P. Durbin\Start Menu\Programs\Startup\BitTorrent.lnk
backup C:\WINDOWS\pss\BitTorrent.lnkStartup
location Startup
command C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
item BitTorrent
path C:\Documents and Settings\James P. Durbin\Start Menu\Programs\Startup\BitTorrent.lnk
backup C:\WINDOWS\pss\BitTorrent.lnkStartup
location Startup
command C:\PROGRA~1\BITTOR~1\BITTOR~1.EXE
item BitTorrent

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^James P. Durbin^Start Menu^Programs^Startup^VirtuaGirl2.lnk
path C:\Documents and Settings\James P. Durbin\Start Menu\Programs\Startup\VirtuaGirl2.lnk
backup C:\WINDOWS\pss\VirtuaGirl2.lnkStartup
location Startup
command C:\PROGRA~1\Vg\VIRTUA~1.EXE
item VirtuaGirl2
path C:\Documents and Settings\James P. Durbin\Start Menu\Programs\Startup\VirtuaGirl2.lnk
backup C:\WINDOWS\pss\VirtuaGirl2.lnkStartup
location Startup
command C:\PROGRA~1\Vg\VIRTUA~1.EXE
item VirtuaGirl2

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\000StTHK
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 000StTHK
hkey HKLM
command 000StTHK.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 000StTHK
hkey HKLM
command 000StTHK.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\00THotkey
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 00THotkey
hkey HKLM
command C:\WINDOWS\System32\00THotkey.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item 00THotkey
hkey HKLM
command C:\WINDOWS\System32\00THotkey.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\AGRSMMSG
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AGRSMMSG
hkey HKLM
command AGRSMMSG.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item AGRSMMSG
hkey HKLM
command AGRSMMSG.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Apoint
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Apoint
hkey HKLM
command C:\Program Files\Apoint2K\Apoint.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Apoint
hkey HKLM
command C:\Program Files\Apoint2K\Apoint.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\B'sCLiP
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BSCLIP
hkey HKLM
command C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item BSCLIP
hkey HKLM
command C:\PROGRA~1\B'SCLI~1\Win2K\BSCLIP.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ccApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ccApp
hkey HKLM
command "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ctfmon.exe
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ctfmon
hkey HKCU
command C:\WINDOWS\system32\ctfmon.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Drag'n Drop CD+DVD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DragDrop
hkey HKLM
command C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item DragDrop
hkey HKLM
command C:\Program Files\Drag'n Drop CD+DVD\BinFiles\DragDrop.exe /StartUp
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ezShieldProtector for Px
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ezSP_Px
hkey HKLM
command C:\WINDOWS\system32\ezSP_Px.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ezSP_Px
hkey HKLM
command C:\WINDOWS\system32\ezSP_Px.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\googletalk
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletalk
hkey HKCU
command "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item googletalk
hkey HKCU
command "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\HotKeysCmds
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hkcmd
hkey HKLM
command C:\WINDOWS\System32\hkcmd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IgfxTray
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item igfxtray
hkey HKLM
command C:\WINDOWS\System32\igfxtray.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Lexmark X74-X75
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbbbmgr
hkey HKLM
command "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item lxbbbmgr
hkey HKLM
command "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LtMoh
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ltmoh
hkey HKLM
command C:\Program Files\ltmoh\Ltmoh.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item Ltmoh
hkey HKLM
command C:\Program Files\ltmoh\Ltmoh.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\LyraHD2TrayApp
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LYRAHD2TrayApp
hkey HKLM
command "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item LYRAHD2TrayApp
hkey HKLM
command "C:\Program Files\Thomson\Lyra Jukebox\LyraHDTrayApp\LYRAHD2TrayApp.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MoneyAgent
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item mnyexpr
hkey HKCU
command "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MSMSGS
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item msmsgs
hkey HKCU
command "C:\Program Files\Messenger\msmsgs.exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MsnMsgr
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item MsnMsgr
hkey HKCU
command "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NeroCheck
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item NeroCheck
hkey HKLM
command C:\WINDOWS\system32\NeroCheck.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\PadTouch
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PadExe
hkey HKLM
command "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item PadExe
hkey HKLM
command "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Pinger
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pinger
hkey HKLM
command C:\TOSHIBA\IVP\ISM\pinger.exe /run
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item pinger
hkey HKLM
command C:\TOSHIBA\IVP\ISM\pinger.exe /run
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\QuickTime Task
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item qttask
hkey HKLM
command "C:\Program Files\QuickTime\qttask.exe" -atboottime
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Share-to-Web Namespace Daemon
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item hpgs2wnd
hkey HKLM
command C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item jusched
hkey HKLM
command C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Symantec NetDriver Monitor
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item SNDMon
hkey HKLM
command C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFncKy
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TFncKy
hkey HKLM
command TFncKy.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TFncKy
hkey HKLM
command TFncKy.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TFNF5
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TFNF5
hkey HKLM
command TFNF5.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TFNF5
hkey HKLM
command TFNF5.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TOSCDSPD
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item toscdspd
hkey HKCU
command C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item toscdspd
hkey HKCU
command C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TouchED
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TouchED
hkey HKLM
command C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TouchED
hkey HKLM
command C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\TPSMain
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TPSMain
hkey HKLM
command TPSMain.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item TPSMain
hkey HKLM
command TPSMain.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WxEx
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WxEx
hkey HKLM
command C:\Program Files\KING5.com First Alert Desktop Weather\WxEx.exe
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item WxEx
hkey HKLM
command C:\Program Files\KING5.com First Alert Desktop Weather\WxEx.exe
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Yahoo! Pager
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0
key SOFTWARE\Microsoft\Windows\CurrentVersion\Run
item ypager
hkey HKCU
command C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
inimapping 0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state
system.ini 0
win.ini 0
bootini 0
services 0
startup 2


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID
{17492023-C23A-453E-A040-C7C580BBF700} 1

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} =
{0DF44EAA-FF21-4412-828E-260A8728E7F1} =


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ratings

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system
dontdisplaylastusername 0
legalnoticecaption
legalnoticetext
shutdownwithoutlogon 1
undockwithoutlogon 1


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
NoDriveTypeAutoRun 145
SpecifyDefaultButtons 1
Btn_Search 2
NoBandCustomize 1
NoToolbarCustomize 1

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Ext\CLSID

#6 -David-

Posted 01 August 2006 - 04:10 AM

Hey there.

It looks like the Panda scan and the new Hijackthis log were cut off.
Please repost them in separate replies.

Please search and delete this file:
C:\WINDOWS\SYSTEM32\in10b6.dlltmp

Please open Notepad and copy and paste the next bold text into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{1C78AB3F-A857-482E-80C0-3A1E5238A565}"=-

Save this as "fix.reg". Choose to save as *all files and place it on your desktop.
It should look like this: Posted Image
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.

* Download Combofix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.
When finished, it should produce a log, combofix.txt.
Post this log in your next reply together with a new HijackThis log, and the Panda log.

David

#7 -David-

Posted 11 August 2006 - 01:12 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.



